Don’t most DoH resolversl settings have you enter the IP (for the actual lookup connection) along with the hostname of the DoH server (for cert validation for HTTPS)? Wouldn’t this avoid the first lookup problem because there would be a certificate mismatch if they tried to intercept it?
Well, that’s the thing. I’ve seen many instances where the DoH field is required to be a FQDN, not an IP. This always struck me as strange, but I didn’t think much on it until recently.
Don’t most DoH resolversl settings have you enter the IP (for the actual lookup connection) along with the hostname of the DoH server (for cert validation for HTTPS)? Wouldn’t this avoid the first lookup problem because there would be a certificate mismatch if they tried to intercept it?
Well, that’s the thing. I’ve seen many instances where the DoH field is required to be a FQDN, not an IP. This always struck me as strange, but I didn’t think much on it until recently.