[Zeek] DNS
Jay Wren (jawren)
jawren at cisco.com
Tue Mar 10 12:31:15 PDT 2020
AFAIK, there isn't anything zeek can do to peek into those dns over https requests because it is encrypted in a TLS session. I suppose something could be updated with a list of known DNS over HTTPS providers and traffic to those IP addresses somehow flagged as such.
I don't trust the DNS over HTTPS providers any more than I trust my own DNS servers and so I've blocked them on my network.
________________________________
From: zeek-bounces at zeek.org <zeek-bounces at zeek.org> on behalf of Mitra, Shaibal <smitra at ucn.ca>
Sent: Tuesday, March 10, 2020 10:47 AM
To: zeek at zeek.org <zeek at zeek.org>
Subject: [Zeek] DNS
Now that firefox has adopted dns over https will this require changes to the zeek dns and http modules?
Thanks
[signature]
IT Network Systems Administrator
The Pas Campus
Ph:204-627-8593(Office)
Ph:204-620-1221(Cell)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20200310/f21a20f3/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 12170 bytes
Desc: image001.png
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20200310/f21a20f3/attachment-0001.bin
More information about the Zeek
mailing list