Create a BLACK HOLE feature so that any domains listed in here, if matched, are NOT PROCESSED at all but instead are BLACK HOLED. Do not process DNS for them at all, just drop the connection and DO NOT count this traffic as part of the user traffic.
Jerry Ketterling
The NETWORK should be able to allow us to define a list of domains that we simply want to BLACK hole and NOT to be processed at all. NOT a block but simply a black hole with no reply. This is in relation to DNS being used to spy on SMART TV Views, where the TV sends a continuous stream of DNS queries revealing essentially WHAT you are watching and FOR HOW LONG you are watching. These domains are discoverable and they can be BLOCKED by DNSFilter, but the problem this creates is that a single SMART TV left on 24x7 will generate upwards of 2 million DNS queries as it continues to rat out what you're watching. A single SMART TV can generate 2 million DNS requests per month -- none of which are legitimate DNS requests. They are using DNS port 53 / 853 and DNS over TLS or HTTP to sneak an outbound packet that basically reveals WHAT YOU are watching and how long you are watching it. These packets can be a stream of continuous DNS packets going out from the TV.

WHY NOT allow for a catch-all BLACK HOLE in the DNSFilter cloud, so that if domains are matched here they are simply DISCARDED with no DNS reply response -- thereby not counting as traffic processed by DNSFilter at all and not counted against your TRAFFIC threshold? This is a major issue. SURE -- we can reconfigure the TVs to use 1.1.1.1 or some other DNS server, but shouldn't DNSFilter offer a solution here? You cannot expect everyone to be savvy enough to change their DNS server settings on their TV. Let's be honest, the average user of a smart TV is using IP addressing and DNS server settings pushed to their device via DHCP, probably associated with their WIFI router or a telecom network end point. Users are completely oblivious to DNS servers and changing them. So we need an elegant way to just DROP this traffic at the CLOUD level so it is just not counted. Just drop the DNS request and do not process it at all.
The TV will still run and now you are PROTECTING the users of that TV so that their USER WATCHING habits are not being spied on and used for targeted advertising. THIS IS a security and privacy issue.
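
The drop-versus-process decision requested in this post, sketched as an added example (not part of the original post and not DNSFilter's code): the query name is parsed from the DNS wire format and suffix-matched against a blackhole list before any lookup, and a match gets no reply and is not counted. The domains, the `Resolver` class and its counters are hypothetical, and the answer path is a stand-in for real resolution.

```python
import struct

# Constructed blackhole list; the domains are placeholders, not real trackers.
BLACKHOLE = {"tv-telemetry.example", "acr.smarttv.example"}

def build_query(name, qid=0x1234):
    """Build a minimal DNS A query in wire format (constructed sample input)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(packet):
    """Return the lower-cased question name, or None if the query is malformed."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] != 1:
        return None
    labels, pos = [], 12
    while pos < len(packet):
        n = packet[pos]
        if n == 0:
            return ".".join(labels)
        if n > 63 or pos + 1 + n > len(packet):
            return None  # pointer/reserved label type or truncated label
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n
    return None  # ran off the end without a root label

def is_blackholed(qname, blackhole=BLACKHOLE):
    """Suffix match: a listed domain also covers all of its sub-domains."""
    parts = qname.split(".")
    return any(".".join(parts[i:]) in blackhole for i in range(len(parts)))

class Resolver:
    """Hypothetical front end: decides drop vs. process before any lookup."""
    def __init__(self):
        self.billed = 0   # queries that count toward the traffic threshold
        self.dropped = 0  # blackholed queries: no reply, not counted

    def handle(self, packet):
        """Return reply bytes, or None meaning 'send nothing back'."""
        qname = parse_qname(packet)
        if qname is None:
            return None  # assumption: malformed input is ignored silently
        if is_blackholed(qname):
            self.dropped += 1
            return None
        self.billed += 1
        # Stand-in for real resolution: echo the question with the QR bit set.
        return packet[:2] + struct.pack("!H", 0x8180) + packet[4:]
```

A client that receives no reply usually retransmits and then tries its next configured resolver, so the device's query rate can rise while none of it is counted.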