apt_install_coffee,

So this is a system-wide DNS hijack for the purpose of filtering and monitoring?

So say an attacker can enable this service, would they then be able to redirect any DNS query regardless of if DNS over TLS + DNSSEC are configured? Surely I’m reading this wrong

Buelldozer,
@Buelldozer@lemmy.today avatar

So this is a system-wide DNS hijack for the purpose of filtering and monitoring?

It shifts DNS from Default Allow to Default Deny. AD DNS should have had this two decades ago.

So say an attacker can enable this service

If an attacker has already penetrated your Network Infrastructure to the point that they can setup ZTDNS you’ve already got problems so serious that DNS over TLS with DNSSEC is not going to save you.

_sideffect,

That’s the same amount of trust I put into Microsoft security products!

  • All
  • Subscribed
  • Moderated
  • Favorites
  • cybersecurity@sh.itjust.works
  • DreamBathrooms
  • ngwrru68w68
  • InstantRegret
  • magazineikmin
  • thenastyranch
  • rosin
  • khanakhh
  • tacticalgear
  • Youngstown
  • slotface
  • Durango
  • kavyap
  • mdbf
  • ethstaker
  • JUstTest
  • GTA5RPClips
  • modclub
  • tester
  • provamag3
  • osvaldo12
  • cisconetworking
  • everett
  • cubers
  • normalnudes
  • megavids
  • Leos
  • anitta
  • lostlight
  • All magazines
    •