Hardening DNS in a corporate environment, performed this morning:

BEGIN

Block egress DNS except for our trusted DNS servers.

Disable DoH for Firefox users.

END

Now let's see who has misconfigured DNS clients or is using third-party DNS providers like 8.8.8.8.

#BOFH #infosec

Follow

@lattera What happens when they start the ultimate phase of their plan where they mix the DoH https servers with the cloudflare frontend proxies? Just block all of cloudflare? (Not that I am opposed to this, it would just be highly disruptive)

· · Web · 0 · 0 · 1
Sign in to participate in the conversation
Cross Family's Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!