Xavier Mertens’ new post on the ISC Blog about blocking DNS over HTTPS with BIND RPZ was posted today, and it provides some really useful and actionable information on how to do it. BIND RPZs are a very useful tool for whole-of-network security actions.
And before you reach for your angry typing keyboard, yes - DoH is a great idea - until you want to be able to take the skills and tools of your corporate security team to secure them and respond to threats and incidents. :)