Now that Firefox has adopted DNS over HTTPS, will this require changes to the Zeek DNS and HTTP modules?
Thanks
IT Network Systems Administrator
The Pas Campus
Ph:204-627-8593(Office)
Ph:204-620-1221(Cell)
AFAIK, there isn’t anything Zeek can do to peek into those DNS over HTTPS requests because they are encrypted in a TLS session. I suppose something could be updated with a list of known DNS over HTTPS providers and traffic to those IP addresses somehow flagged as such.
I don’t trust the DNS over HTTPS providers any more than I trust my own DNS servers and so I’ve blocked them on my network.
The best thing to do is to disable the whole thing, at the network level.
https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet
Or on every Firefox, set network.trr.mode=5
How sending all of my DNS data by default to Cloudflare is good for privacy is beyond me.
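The two ideas raised in this thread (flagging traffic to known DoH providers, and disabling DoH through the canary domain) can both be checked from existing Zeek logs. The following is an added example, not code from the thread or from the Zeek project. It assumes TSV-format `ssl.log` and `dns.log`, matches on the TLS server name rather than on IP addresses, and uses a short assumed list of DoH hostnames with constructed sample records.

```python
# Added example: spot likely DoH use in Zeek TSV logs (constructed sample data).
CANARY = "use-application-dns.net"
# Assumed starter list of public DoH hostnames; extend it for your environment.
DOH_HOSTS = {"mozilla.cloudflare-dns.com", "cloudflare-dns.com",
             "dns.google", "dns.quad9.net"}

def parse_zeek_tsv(text):
    """Yield one dict per record of a Zeek TSV log, keyed by its #fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def doh_sessions(ssl_log):
    """(client, server_name) for TLS sessions on 443 whose SNI is a listed DoH host."""
    return [(r["id.orig_h"], r["server_name"]) for r in parse_zeek_tsv(ssl_log)
            if r.get("id.resp_p") == "443"
            and r.get("server_name", "").lower() in DOH_HOSTS]

def canary_not_blocked(dns_log):
    """Clients that received addresses for the canary domain.

    Firefox disables its default DoH only when the canary lookup fails
    (NXDOMAIN or no address records), so these clients are not covered
    by the network-level opt-out.
    """
    return sorted({r["id.orig_h"] for r in parse_zeek_tsv(dns_log)
                   if r.get("query", "").lower() == CANARY
                   and r.get("rcode_name") == "NOERROR"
                   and r.get("answers", "-") != "-"})

# Constructed sample logs using documentation address ranges, not real traffic.
SSL_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tid.resp_p\tserver_name",
    "1570000000.1\tC1\t192.0.2.10\t198.51.100.1\t443\tmozilla.cloudflare-dns.com",
    "1570000001.2\tC2\t192.0.2.11\t198.51.100.7\t443\twww.example.org",
])
DNS_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tquery\trcode_name\tanswers",
    "1570000000.0\tD1\t192.0.2.10\tuse-application-dns.net\tNOERROR\t203.0.113.5",
    "1570000000.5\tD2\t192.0.2.11\tuse-application-dns.net\tNXDOMAIN\t-",
])

if __name__ == "__main__":
    print("Likely DoH sessions:", doh_sessions(SSL_LOG))
    print("Canary not blocked for:", canary_not_blocked(DNS_LOG))
```

A server-name match is a heuristic: it misses DoH endpoints that are not on the list and can also match ordinary web visits to the same hostname.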