undefined | Better HN

0 pointstuwtuwtuwtuw6mo ago0 comments

Even if you use the internal resolver you could exfiltrate the data.

0 comments

Yes, but an internal resolver has filtering and must be heavy monitored. If the DNS logs are sent to a SIEM you will be detected quickly

pixl976mo ago

I mean most of the time said company resolvers have a service that block either suspicious requests, or only allow whitelisted domains.

j / k navigate · click thread line to collapse

0 pointstuwtuwtuwtuw6mo ago0 comments

Even if you use the internal resolver you could exfiltrate the data.

Yes, but an internal resolver has filtering and must be heavy monitored. If the DNS logs are sent to a SIEM you will be detected quickly

pixl976mo ago

I mean most of the time said company resolvers have a service that block either suspicious requests, or only allow whitelisted domains.

j / k navigate · click thread line to collapse