...
Use the following DoH URL in the Google Admin Console:
URL: https://doh.threatdefense.infoblox.com/{variable_name}/dns-query
Replace {variable_name} with one of the following attributes based on the user's Chrome admin plan.
USER_EMAIL
Example:
https://doh.threatdefense.infoblox.com/hash/${USER_EMAIL}/dns-query
DEVICE_SERIAL_NUMBER
Example:
https://doh.threatdefense.infoblox.com//hash/${DEVICE_SERIAL_NUMBER}/dns-query
Chrome Enterprise Upgrade or higher plans
Customers with Chrome Enterprise Upgrade or higher plan must use DEVICE_SERIAL_NUMBER.
Customers with Chrome Enterprise Core must use USER_EMAIL.
3. Navigate to Devices > Chrome > Settings.
...
5. Scroll down to Network Tab for DNS-over-HTTPS, DNS-over-HTTPS with identifiers, and DNS-over-HTTPS with exclude domains settings.
...
DNS-over-HTTPS:
Select Require DNS-over-HTTPS.
Add the DoH URL in the DNS-over-HTTPS templates field.
Click Save.
...
DNS-over-HTTPS with identifiers:
Add the same DoH URL as in the previous step.
Enter the same 32-bit hexadecimal character as the Salt for hashing identifiers in URI Templates and the Extensions field.
Click Save.
...
Note: Ensure the same 32-bit hexadecimal character is used in both DNS-over-HTTPS and Apps and Extensions fields.
| Info |
|---|
Exclude Domains:
|
These settings ensure that the configuration is synchronized with Google APIs and Infoblox Server. when it is saved.
...
URL Blocking
To prevent users from accessing chrome://policy/ (which displays configuration and policies assigned by Google Admin Console):
Navigate to Devices > Chrome > Settings > Users and Browsers > URL Blocking.
Block the following URL:
chrome://policy/
...
Completing the Deployment
...