I’m not aware of any products which yet support DNS over TLS monitoring, so I doubt it’s done at scale (there’s Palo Alto, but that’s just blocking at this stage). It will emerge tho.
-
-
This Tweet is unavailable.
-
Replying to @JaxxAI @no_scooters and
Aye that provides blocking, not monitoring and logging tho. Malware is only a small part of the security landscape, you see phishing etc using DNS. It’s not a big deal tho as security solutions will adapt, it’s similar with the mass move to SSL years back.
3 replies 0 retweets 9 likes -
Replying to @GossiTheDog @no_scooters and
Would you agree that the strong push for SSL, while inconvenient for network monitoring, was a good thing? I get the pushback because it will require changes, but it is very clearly the right direction
3 replies 0 retweets 18 likes -
Replying to @taviso @no_scooters and
It’s a good thing for consumers. For enterprises it raised the bar of security technical requirements, kinda feeds into security poverty for orgs that can’t invest in tooling.
2 replies 0 retweets 7 likes -
Replying to @GossiTheDog @no_scooters and
I don't follow, it absolutely must be possible for Administrators to disable DoH via group policy, I don't think anybody claims otherwise? If you're Administrator, it's your endpoint and you can disable all privacy controls if you wish.
7 replies 1 retweet 6 likes -
Replying to @taviso @GossiTheDog and
Yes, you can disable DoH in Chrome, Firefox and other legitimate applications by using Group Policy, but there is also the aspect of malicious applications or poorly coded applications that don't provide that facility or don't respect it for malicious reasons.
2 replies 0 retweets 1 like -
Replying to @NEXUS2345 @taviso and
Or somehow the default always favours one party, and somehow you keep ending back up that default. You can keep turning off location tracking, but somehow it never sticks.https://fortune.com/2018/08/21/google-location-tracking-lawsuit-ftc/ …
1 reply 0 retweets 1 like -
Replying to @PowerDNS_Bert @NEXUS2345 and
Are your arguments so weak that you have to play the "malicious ulterior motive" card? Frankly, it doesn't even make sense, "I don't trust anyone to honor the setting, so you should never even give us the setting"?
1 reply 0 retweets 0 likes -
Replying to @taviso @NEXUS2345 and
Once your company has a track record of not ignoring these settings or accidentally monetizing/sharing things they said they wouldn't your argument would be credible. Until then we wait. You are aware of where you work? I sometimes wonder.
2 replies 0 retweets 0 likes
Please stop with this nonsense Bert, I'm not questioning your or PowerDNS motives. Let your arguments stand on their own if they're strong enough.
-
-
Replying to @taviso @NEXUS2345 and
You can look at our privacy credentials all you want, they are sound. Track record and business model matters when someone attempts to centralize even more internet on themselves.
1 reply 0 retweets 2 likes -
Replying to @PowerDNS_Bert @NEXUS2345 and
You're right to be worried about this Bert, the argument for DoH is so strong and your silly personal attacks are so weak that the days of DNS snooping products are surely numbered.1 reply 0 retweets 2 likes - 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.