Caveats

Clients can open their own connections to public DNS over TLS servers and bypass the firewall's resolver entirely. Block client traffic to TCP/UDP ports 53 and 853 on any destination other than the firewall itself so that clients can only query the DNS Resolver (Blocking External Client DNS Queries).

Redirecting DNS over TLS queries to the DNS Resolver may or may not work, depending on how each client validates the server certificate. Set up the DNS over TLS server on the DNS Resolver, then add port forward rules for TCP/UDP ports 53 and 853 that redirect client DNS queries to the firewall (Redirecting Client DNS Requests).

Note: Clients will typically reject the firewall's DNS over TLS server certificate, since its name does not match the server they intended to reach. This can still produce the intended result: a client that falls back to traditional, unencrypted DNS when DNS over TLS validation fails will have that fallback query redirected to the DNS Resolver as well. A client configured to use DNS over TLS strictly, with no fallback, will instead fail to resolve names until it is reconfigured to use the DNS Resolver.
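The block and redirect described above are configured in the pfSense GUI, which generates the underlying pf rules. As an added illustration that is not from the pfSense documentation, the following pf.conf fragment shows what those two rules amount to. It assumes the LAN interface is named lan, the firewall's LAN address is 192.168.1.1, and the DNS Resolver listens on that address on both 53 and 853; adjust those to the real interface and address.

```pf
# Added illustration, not the rules pfSense itself generates.
# Assumptions: LAN interface "lan", firewall LAN address 192.168.1.1,
# DNS Resolver (Unbound) listening there on 53 (DNS) and 853 (DNS over TLS).
lan_if    = "lan"
lan_net   = $lan_if:network
resolver  = "192.168.1.1"
dns_ports = "{ 53, 853 }"

# Redirect (Redirecting Client DNS Requests): any client query aimed at an
# outside resolver on 53 or 853 is rewritten to the local resolver. The
# original destination port is kept, so 53 stays 53 and 853 stays 853.
# Translation runs before filtering, so the filter rules below see the
# rewritten destination.
rdr on $lan_if proto { tcp, udp } from $lan_net to ! $resolver port $dns_ports -> $resolver

# Allow the (possibly redirected) queries to reach the resolver itself.
pass in quick on $lan_if proto { tcp, udp } from $lan_net to $resolver port $dns_ports

# Block (Blocking External Client DNS Queries): anything not redirected,
# i.e. direct queries to outside resolvers on 53 or 853, is dropped.
block in quick on $lan_if proto { tcp, udp } from $lan_net to any port $dns_ports
```

With both rules in place the block rule only matters if the redirect is removed or does not match, which is the belt-and-braces arrangement the two caveats above recommend. To check from a LAN client, query an outside resolver address directly on port 53 (for example with dig or nslookup): with the redirect active the answer comes from the DNS Resolver, and with only the block active the query times out. A DNS over TLS connection to an outside address on 853 should now either fail certificate validation (redirected to the firewall) or not connect at all (blocked).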