NXDOMAIN data leakage prevention
Public2 at xymox1.com
Mon Oct 1 11:03:47 UTC 2018
I was reading a disturbing article on ways that DNS can be used to get
data past firewalls and for malicious programs to communicate with a
command and control center via DNS NXDOMAIN.
Right off hand I dont see a way to block this ? Looking at my NXDOMAIN
lookups its quite pervasive and coming from a large number of sources.
Its clearly being used by A LOT of people.
Is there a way I can use Unbound to mitigate this threat ? This is a
serious issue because i don't see how to block this.
More information about the Unbound-users