Hardening DNS in a corporate environment, performed this morning:
BEGIN
Block egress DNS except for our trusted DNS servers.
Disable DoH for Firefox users.
END
Now let's see who has misconfigured DNS clients or is using third-party DNS providers like 8.8.8.8.
#BOFH #infosec