[Zeek] DNS

Jay Wren (jawren) jawren at cisco.com
Tue Mar 10 12:31:15 PDT 2020


AFAIK, there isn't anything Zeek can do to peek into those DNS over HTTPS requests because they are encrypted in a TLS session. I suppose something could be updated with a list of known DNS over HTTPS providers and traffic to those IP addresses somehow flagged as such.

I don't trust the DNS over HTTPS providers any more than I trust my own DNS servers and so I've blocked them on my network.
________________________________
From: zeek-bounces at zeek.org <zeek-bounces at zeek.org> on behalf of Mitra, Shaibal <smitra at ucn.ca>
Sent: Tuesday, March 10, 2020 10:47 AM
To: zeek at zeek.org <zeek at zeek.org>
Subject: [Zeek] DNS


Now that Firefox has adopted DNS over HTTPS, will this require changes to the Zeek DNS and HTTP modules?



Thanks



[signature]

IT Network Systems Administrator

The Pas Campus

Ph:204-627-8593(Office)

Ph:204-620-1221(Cell)
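
The flagging idea raised in the reply above, as an added example that is not part of the original thread and is not Zeek's own code: a Python pass over Zeek's TSV `ssl.log` that marks TLS sessions to listed DNS over HTTPS endpoints, by SNI or by responder address. The watchlist contents, the function name `flag_doh` and the sample log are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watchlist: a few publicly documented DoH endpoints (not a complete list).
DOH_ADDRS = {ipaddress.ip_address(a) for a in (
    "1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9")}
DOH_NAMES = {"mozilla.cloudflare-dns.com", "cloudflare-dns.com",
             "dns.google", "dns.quad9.net"}

# Constructed sample in Zeek's TSV layout (a trimmed set of ssl.log columns).
SAMPLE_SSL_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tserver_name",
    "1583868675.1\tCaaa1\t10.0.0.5\t51000\t203.0.113.10\t443\tmozilla.cloudflare-dns.com",
    "1583868676.2\tCbbb2\t10.0.0.6\t51001\t8.8.8.8\t443\t-",
    "1583868677.3\tCccc3\t10.0.0.7\t51002\t198.51.100.20\t443\texample.com",
    "1583868678.4\tCddd4\t10.0.0.8\t51003\t9.9.9.9\t53\t-",
    "#close\t2020-03-10-12-31-15",
])

def flag_doh(log_text):
    """Return (uid, client, server, reason) for TLS sessions to listed DoH endpoints."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]      # column names follow the tag
            continue
        if not line or line.startswith("#") or not fields:
            continue                           # other header/footer lines
        rec = dict(zip(fields, line.split("\t")))
        if rec.get("id.resp_p") != "443":
            continue                           # only the standard HTTPS port is checked
        name = rec.get("server_name", "-").lower().rstrip(".")
        try:
            addr = ipaddress.ip_address(rec["id.resp_h"])
        except (KeyError, ValueError):
            continue                           # malformed or missing responder address
        if name in DOH_NAMES:
            reason = "sni"                     # hostname match, the more specific signal
        elif addr in DOH_ADDRS:
            reason = "addr"                    # address-only match, no SNI seen
        else:
            continue
        hits.append((rec.get("uid"), rec.get("id.orig_h"), str(addr), reason))
    return hits

if __name__ == "__main__":
    for hit in flag_doh(SAMPLE_SSL_LOG):
        print(*hit, sep="\t")
```

An address-only hit means HTTPS to a listed resolver IP, which may also be ordinary web traffic to that address, so it is a lead to review rather than proof of DoH.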

