Update 1. Reddit contains additional information, link below.
Update 2. I now have confirmation that the two Cloudflare IPs I dug up are indeed the ticket to blocking CF DoH.
So what do you guys/gals think about putting together a list of IoT DoH server IPs? We could use them to block with iptables and it might force the use of port 53 instead?
Leaving aside that I don't think PiHole blocks by IP (unless you were proposing blocking via iptables), a rather more elegant solution would be to find out if they're using a "canary" URL in the same way Firefox does and block that (which then leaves you free to use DoH to your upstream provider should you choose to).
You do realize that they are using the domains to serve ads; ads = money. They are not going to give us this luxury. We are not talking about blocking on a browser level here.
You're missing the point. IoT devices like Roku, Chromecast, etc. will be using DoH to serve us ads that make them money. Firefox does this for "privacy", NOT to make money. I just don't think they are going to give us a way out. That is not how businesses run.
My current provider already does DoT on the same address. I choose DoT for my delivery method. This thread is more to focus on devices with hardcoded DNS.
I bet I'm one of 10 or fewer people in this community using my provider. It's semi-private. Well, in the sense that you can't find any info other than the website for it. Well, maybe you can, but I don't speak German.
Before anyone asks why I would want to deal with a response time above 100ms (I'm in the US)...
Germany has some of the best privacy laws in the world.
A slightly less sledgehammer approach, which admittedly requires more user input, would be to block outbound requests to specific IPs from specified devices only.
Many people use the more generic DNS IPs from people like Cloudflare or Google or Level3.
Update
I have added some iptables to redirect all traffic on port 853 to an address of my choosing.
If anyone is interested I have a decent collection of iptables for dd-wrt. Just let me know what you are trying to accomplish.
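Added example, not part of the original thread or any poster's own rules: a shell script that prints iptables rules for the two approaches discussed above, rejecting port 443 traffic from specified devices to specified DoH server IPs, and redirecting port 853 to a chosen resolver. The interface name `br0` and every address are constructed placeholders; the actual DoH IPs are not given on this page.

```shell
#!/bin/sh
# Added example: prints iptables rules instead of applying them, so they can
# be reviewed first and then piped to sh on the router.
# All values are constructed placeholders, not taken from the thread.
LAN_IF="br0"                               # assumed LAN bridge name
DOT_TARGET="192.0.2.53"                    # resolver that should receive DoT
IOT_DEVICES="192.168.1.101 192.168.1.102"  # devices with hardcoded DNS
DOH_IPS="198.51.100.10 198.51.100.11"      # DoH server IPs you have confirmed

# Per-device block: only the listed devices lose access to the listed DoH IPs.
# Both TCP (HTTP/1.1, HTTP/2) and UDP (HTTP/3) on port 443 are rejected, so
# other LAN clients can still use those providers.
doh_block_rules() {
    for dev in $IOT_DEVICES; do
        for ip in $DOH_IPS; do
            for proto in tcp udp; do
                echo "iptables -I FORWARD -i $LAN_IF -s $dev -d $ip -p $proto --dport 443 -j REJECT"
            done
        done
    done
}

# LAN-wide redirect: anything leaving for TCP port 853 (DoT) is rewritten to
# the resolver of your choosing. Assumes that resolver is not on the LAN
# itself; a LAN-side target would also need a hairpin SNAT rule.
dot_redirect_rules() {
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 853 -j DNAT --to-destination $DOT_TARGET:853"
}

doh_block_rules
dot_redirect_rules
```

A DoT client that validates its resolver's certificate will refuse the redirected connection instead of using the new resolver, so check how each device behaves after the redirect.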