5Kas
Can Google SafeSearch be enforced on a network where a user uses DoH?
As you may know, Google SafeSearch can be, and often is enforced by network admins on their networks.
And according to this Google article, this is how it works:
Set the DNS entry for www.google.com (and any other Google country or region domains that your users may use) to be a CNAME for forcesafesearch.google.com.
I do understand that setting the DNS entry for www.google.com to forcesafesearch.google.com can be used to force SafeSearch, but I don’t understand how this is possible if a user is using DNS over HTTPS.
- Can SafeSearch be enforced on a user using DoH?
- If so, does the DoH traffic need to be decrypted?
- If “no” to decryption, how does this work?
Maybe I haven’t properly understood how the enforcement works?
