Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

DNS over HTTPS results in Little Snitch prompting for permissions for unknown numeric IPs — how can a user make judgments about whether to connect?

more options

I use Little Snitch as a firewall. It prompts for a yes/no on each connection that is about to be made. The only way I know of to make an informed decision in each case is to see the servers requesting a connection, of which there are many for each page request. When using DoH, these become numeric IP addresses, about which I know nothing, other than looking them up with Terminal nslookup, the first several of which turned out to be:

23.193.33.57 a23-193-33-57.deploy.static.akamaitechnologies.com. 172.217.7.4 lga25s56-in-f4.1e100.net. 4.7.217.172.in-addr.arpa namelga25s56-in-f4.1e100.net. 52.216.205.35 s3-1-w.amazonaws.com. 13.225.222.73 server-13-225-222-73.jfk51.r.cloudfront.net. 142.250.64.99 lga34s31-in-f3.1e100.net.

None of these was directly related to what I was trying to do, though cloudfront and akamai are frequent flyers. So I don't know if these were encrypted-DNS servers (though only cloudfront is supposed to be a default) or participant in the page I was attempting to reach.

This is clearly not a practical way to use a browser. It would appear that I will have to have DoH turned off in order to use the firewall. Is anyone else having this issue? Is there any other solution other than turning DoH off?

Thanks for any help.

I use Little Snitch as a firewall. It prompts for a yes/no on each connection that is about to be made. The only way I know of to make an informed decision in each case is to see the servers requesting a connection, of which there are many for each page request. When using DoH, these become numeric IP addresses, about which I know nothing, other than looking them up with Terminal nslookup, the first several of which turned out to be: 23.193.33.57 a23-193-33-57.deploy.static.akamaitechnologies.com. 172.217.7.4 lga25s56-in-f4.1e100.net. 4.7.217.172.in-addr.arpa namelga25s56-in-f4.1e100.net. 52.216.205.35 s3-1-w.amazonaws.com. 13.225.222.73 server-13-225-222-73.jfk51.r.cloudfront.net. 142.250.64.99 lga34s31-in-f3.1e100.net. None of these was directly related to what I was trying to do, though cloudfront and akamai are frequent flyers. So I don't know if these were encrypted-DNS servers (though only cloudfront is supposed to be a default) or participant in the page I was attempting to reach. This is clearly not a practical way to use a browser. It would appear that I will have to have DoH turned off in order to use the firewall. Is anyone else having this issue? Is there any other solution other than turning DoH off? Thanks for any help.

All Replies (1)

more options

I am not familiar with how Little Snitch works, so I am speculating here.

My guess would be when MacOS does the DNS lookup (in clear text), Little Snitch keeps track of the responses so it can match up IP addresses to recently requested host names. When DNS over HTTPS is used, the requests are encrypted, so Little Snitch isn't able to gather that data. Therefore, it can't show you its guess as to the host name corresponding to a particular IP address. If that is the situation I think you need to choose one or the other.