{"id":15148297,"url":"https://github.com/sekhan/thegreatwall","last_synced_at":"2025-10-24T03:31:29.307Z","repository":{"id":56675463,"uuid":"245798445","full_name":"Sekhan/TheGreatWall","owner":"Sekhan","description":"Prevent program and malware to bypass DNS filter by using DoH","archived":false,"fork":false,"pushed_at":"2022-07-10T21:20:28.000Z","size":255,"stargazers_count":106,"open_issues_count":3,"forks_count":16,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-10-29T22:36:23.711Z","etag":null,"topics":["blocklist","doh","hostsfile","ipv4-list","ipv6-list","pihole","security"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Sekhan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-08T11:01:40.000Z","updated_at":"2024-08-17T05:30:23.000Z","dependencies_parsed_at":"2022-08-15T23:01:09.882Z","dependency_job_id":null,"html_url":"https://github.com/Sekhan/TheGreatWall","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sekhan%2FTheGreatWall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sekhan%2FTheGreatWall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sekhan%2FTheGreatWall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sekhan%2FTheGreatWall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Sekhan","download_url":"https://codeload.github.com/Sekhan/TheGreatWall/tar.gz/refs/heads/master","h
ost":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237910078,"owners_count":19385829,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blocklist","doh","hostsfile","ipv4-list","ipv6-list","pihole","security"],"created_at":"2024-09-26T13:02:28.202Z","updated_at":"2025-10-24T03:31:28.967Z","avatar_url":"https://github.com/Sekhan.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch3 align=\"center\"\u003e\u003cimg src=https://github.com/Sekhan/TheGreatWall/blob/master/Picture/TitleList.jpg alt=\"TitleList\" height=\"250px\"\u003e\u003c/h3\u003e\n\n## What is DNS-over-HTTPS (DoH)?\n\nDoH is a protocol introduced in 2018 to improve DNS security by encrypting queries over HTTPS. It is advertised as a way to prevent your ISP from tracking your activity, to let you bypass censorship, and to protect you against DNS data manipulation (MITM). At the start of 2020, popular web browsers like \u003ca href=\"https://arstechnica.com/information-technology/2020/02/firefox-turns-encrypted-dns-on-by-default-to-thwart-snooping-isps/\"\u003eMozilla have started to turn DoH on by default in the US\u003c/a\u003e and others are \u003ca href=\"https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html\"\u003eexperimenting with it\u003c/a\u003e. Microsoft is also considering \u003ca href=\"https://www.bleepingcomputer.com/news/microsoft/microsoft-is-adding-dns-over-https-doh-to-windows-10/\"\u003ethe addition of DoH in Windows 10\u003c/a\u003e.\n\n### But wait... 
DoH isn't supposed to be a good thing?\n\nWhile bringing encryption is always important, including in oppressive countries, DoH isn't a bulletproof solution and may actually cause more problems than it solves. **The rise of services providing DoH, especially US companies like Google or Cloudflare, could harm your privacy by offering additional tracking capabilities** (e.g. TLS resumption, which allows a previous encrypted state to be reused for future connections to the same server, could be used to track your browser across IP address changes) **and centralizing DNS traffic into popular DoH resolvers.**\n\n**Moreover, programs and malware could abuse public DoH providers to evade DNS filtering (like Pi-hole) and communicate with telemetry services or command-and-control servers. See \u003ca href=\"https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/new-godlua-backdoor-found-abusing-dns-over-https-doh-protocol\"\u003eGodlua malware\u003c/a\u003e.**\n\n### :warning: Disclaimer\n\n**These lists (updated every month) have been created for security purposes ONLY**. They are not a tool to prevent your employees from bypassing your monitoring/blocking of their online activity! If you suspect your organization of doing so, consider using a VPN or Tor Browser.\n\nYou can also block `port 853` for DNS over TLS (DoT).\n\n## An alternative way: increase DoH visibility\n\nBlocking DoH entirely might not be the best approach for everyone, especially if your company wants the benefits of using encrypted DNS while being able to analyse suspicious communications. 
**\u003ca href=\"https://www.sans.org/reading-room/whitepapers/dns/dealing-doh-methods-increase-dns-visibility-doh-gains-traction-39560\"\u003eThis paper\u003c/a\u003e demonstrates the possibility of redirecting all traffic from `port 453` to PolarProxy and Security Onion, allowing you to analyse DoH traffic in an unencrypted form.**\n\n## Additional resources :blue_book:\n\n- \u003ca href=\"https://www.youtube.com/watch?v=pjin3nv8jAo\"\u003eNLNOG 2019 - DNS over HTTPS considerations\u003c/a\u003e.\n\n- \u003ca href=\"https://www.ietf.org/archive/id/draft-doh-reid-operator-00.txt\"\u003eDoH draft for the IETF\u003c/a\u003e (\"Privacy Concerns\" and \"Security Considerations\").\n\n\n\u003cp align=\"right\"\u003e * Wall icon drawn by Eucalyp (flaticon.com)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsekhan%2Fthegreatwall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsekhan%2Fthegreatwall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsekhan%2Fthegreatwall/lists"}