DNS over HTTPS results in Little Snitch prompting for permissions for unknown numeric IPs — how can a user make judgments about whether to connect?
I use Little Snitch as a firewall. It prompts for a yes/no on each connection that is about to be made. The only way I know of to make an informed decision in each case is to see the servers requesting a connection, of which there are many for each page request. When using DoH, these become numeric IP addresses, about which I know nothing, other than looking them up with Terminal nslookup, the first several of which turned out to be:
18.104.22.168 a23-193-33-57.deploy.static.akamaitechnologies.com.
22.214.171.124 lga25s56-in-f4.1e100.net.
126.96.36.199.in-addr.arpa name lga25s56-in-f4.1e100.net.
188.8.131.52 s3-1-w.amazonaws.com.
184.108.40.206 server-13-225-222-73.jfk51.r.cloudfront.net.
220.127.116.11 lga34s31-in-f3.1e100.net.
None of these was directly related to what I was trying to do, though cloudfront and akamai are frequent flyers. So I don't know if these were encrypted-DNS servers (though only cloudfront is supposed to be a default) or participants in the page I was attempting to reach.
This is clearly not a practical way to use a browser. It would appear that I will have to have DoH turned off in order to use the firewall. Is anyone else having this issue? Is there any other solution other than turning DoH off?
Thanks for any help.