DNS

Now that Firefox has adopted DNS over HTTPS, will this require changes to the Zeek DNS and HTTP modules?

Thanks

IT Network Systems Administrator

The Pas Campus

Ph:204-627-8593(Office)

Ph:204-620-1221(Cell)

AFAIK, there isn’t anything Zeek can do to peek into those DNS over HTTPS requests because they are encrypted in a TLS session. I suppose something could be updated with a list of known DNS over HTTPS providers and traffic to those IP addresses somehow flagged as such.

I don’t trust the DNS over HTTPS providers any more than I trust my own DNS servers and so I’ve blocked them on my network.
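The provider-list idea from the reply above, as an added example (not part of the thread and not Zeek's own code): Python over Zeek JSON `ssl.log` records that flags port-443 sessions whose SNI or responder address is on a watch list. The host and IP lists are assumed and not exhaustive, the sample records are constructed, and a bare IP match is lower confidence than an SNI match.

```python
import ipaddress
import json

# Assumed watch list for illustration: not exhaustive, maintain your own.
DOH_HOSTS = {"mozilla.cloudflare-dns.com", "cloudflare-dns.com",
             "dns.google", "dns.quad9.net"}
DOH_IPS = {ipaddress.ip_address(a)
           for a in ("1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9")}

def classify(rec):
    """Return 'sni', 'ip' or None for one ssl.log record (a dict)."""
    if rec.get("id.resp_p") != 443:
        return None  # DoH rides on HTTPS; DNS over TLS (853) is out of scope
    sni = (rec.get("server_name") or "").rstrip(".").lower()
    if sni in DOH_HOSTS:
        return "sni"
    try:
        # Missing or unlisted SNI: fall back to the responder address.
        if ipaddress.ip_address(rec.get("id.resp_h", "")) in DOH_IPS:
            return "ip"
    except ValueError:
        pass
    return None

def flag_doh(lines):
    """Return a list of (client, server, sni, reason) for flagged sessions."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(rec, dict):
            continue
        reason = classify(rec)
        if reason:
            hits.append((rec.get("id.orig_h"), rec.get("id.resp_h"),
                         rec.get("server_name"), reason))
    return hits

# Constructed sample records (not real traffic).
SAMPLE = [
    '{"id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10","id.resp_p":443,"server_name":"mozilla.cloudflare-dns.com"}',
    '{"id.orig_h":"10.0.0.6","id.resp_h":"1.1.1.1","id.resp_p":443}',
    '{"id.orig_h":"10.0.0.7","id.resp_h":"198.51.100.7","id.resp_p":443,"server_name":"www.example.com"}',
    '{"id.orig_h":"10.0.0.8","id.resp_h":"8.8.8.8","id.resp_p":853}',
    '{"id.orig_h":"10.0.0.9","id.resp_h":',
]

if __name__ == "__main__":
    for hit in flag_doh(SAMPLE):
        print(hit)
```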

The best thing to do is to disable the whole thing, at the network level.

https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet

Or, on every Firefox, set network.trr.mode=5

How sending all of my DNS data by default to Cloudflare is good for privacy is beyond me.
