This is a very serious problem. I would like insight as well. <div>I have noticed such activity in my logs, e.g. from <a href="http://cloudfront.net/" target="_self">cloudfront.net</a> and others. </div><div><br></div><div>There is no silver bullet, we all know that. The domains hosting malicious programs (and their social engineering) should as far as possible not be reachable from the machines, and programs should not be able to install in a straightforward manner anyway. The known bad IP ranges should be dropped. The questionable domains should be DNS blackholed. And then what? The well-known domains? What shall we do, cut off most of the internet? One may as well pull the plug, it’s faster. </div><div><br></div><div>Sometimes I wonder if in a few years we will be back to a host file with the few thousands of relatively trustworthy hosts we care for. Then again, who knows what the next machine does. My packets have to hop to a next machine, I don't control the internet :( </div><div><br>On Monday, October 1, 2018, Chris via Unbound-users &lt;<a href="mailto:unbound-users@nlnetlabs.nl" target="_blank">unbound-users@nlnetlabs.nl</a>&gt; wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I was reading a disturbing article on ways that DNS can be used to get data past firewalls and for malicious programs to communicate with a command and control center via DNS NXDOMAIN.<br>
<br>
Right off hand I don't see a way to block this? Looking at my NXDOMAIN lookups, it's quite pervasive and coming from a large number of sources. It's clearly being used by A LOT of people.<br>
<br>
Is there a way I can use Unbound to mitigate this threat? This is a serious issue because I don't see how to block this.<br>
<br>
<a href="https://www.plixer.com/blog/detecting-malware/security-vendors-teaching-bad-actors-how-to-get-past-firewalls/" target="_self">https://www.plixer.com/blog/de<wbr>tecting-malware/security-vendo<wbr>rs-teaching-bad-actors-how-to-<wbr>get-past-firewalls/</a><br>
</blockquote></div>
<br>
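<div>Added example (not part of the original thread, and not Unbound code): one way to triage the NXDOMAIN traffic discussed above is to flag clients that receive many distinct, random-looking NXDOMAIN names under a single parent zone. The log layout, thresholds and function names below are assumptions made for this sketch.</div>

```python
import math
from collections import Counter, defaultdict

# Constructed sample in a simplified "client qname qtype rcode" layout
# (an assumption for this example, not Unbound's real log format).
SAMPLE_LOG = """\
192.0.2.10 www.example.org. A NOERROR
192.0.2.10 wpad.corp.example. A NXDOMAIN
192.0.2.10 wpad.corp.example. A NXDOMAIN
192.0.2.10 wpad.corp.example. A NXDOMAIN
192.0.2.10 prnter.corp.example. A NXDOMAIN
192.0.2.77 mzxw6ytboi2gk3tu.example.net. TXT NXDOMAIN
192.0.2.77 nbswy3dpeb3w64tm.example.net. TXT NXDOMAIN
192.0.2.77 orugs4zanfzsa5dp.example.net. TXT NXDOMAIN
192.0.2.77 kvzwk4ramfxgiidq.example.net. TXT NXDOMAIN
192.0.2.77 gezdgnbvgy3tqojq.example.net. TXT NXDOMAIN
192.0.2.77 mfrggzdfmztwq2lk.example.net. TXT NXDOMAIN
"""

def entropy(s):
    """Shannon entropy in bits per character (0 for an empty string)."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def parent_zone(qname, labels=2):
    """Crude grouping key: the last two labels (no public-suffix handling)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def suspicious_nxdomain(log_text, min_unique=5, min_entropy=3.0):
    """Return (client, zone, unique_names, avg_entropy) per flagged pair."""
    seen = defaultdict(set)  # (client, zone) -> distinct prefixes answered NXDOMAIN
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] != "NXDOMAIN":
            continue
        client, name = fields[0], fields[1].rstrip(".").lower()
        zone = parent_zone(name)
        prefix = name[: -len(zone)].rstrip(".")
        if prefix:
            seen[(client, zone)].add(prefix)
    findings = []
    for (client, zone), prefixes in sorted(seen.items()):
        avg = sum(entropy(p.replace(".", "")) for p in prefixes) / len(prefixes)
        # Many distinct, random-looking names under one zone is the signal;
        # one misconfigured name retried many times is not.
        if len(prefixes) >= min_unique and avg >= min_entropy:
            findings.append((client, zone, len(prefixes), round(avg, 2)))
    return findings

if __name__ == "__main__":
    for finding in suspicious_nxdomain(SAMPLE_LOG):
        print(finding)
```

<div>The thresholds are starting points only; CDN and anti-virus lookups can also produce high-entropy names, so findings need review before any zone is blackholed.</div>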