On 3/19/2019 1:53 PM, Winfield, Alister wrote: > > > > Third party DNS/DoH providers could probably block resolution of > phishing names or botnet C&C names using the same methods as > enterprises do today, but the enterprise network will not be > informed that one of its devices just tried to contact a botnet > C&C. It would be very nice if the IETF standardized a way to do that. > > > > I don’t see why they wouldn’t, and I could easily envision them being > obliged to do so in the future. > > > They say to you IP a.b.c.d which sadly is the external IP on the NAT > exiting the corporate network has a problem. So great one of > potentially 1000’s of devices is infected but not really much better > information than that. In effect exactly what most security operations > teams assume is true every day of the week. > That when IPv6 sounds good...
-- Christian Huitema
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop