• SmoothLiquidation@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    7 months ago

    This sounds like a pain in the ass to maintain. Either you are trusting Microsoft to give you a whitelist of “good” domains or you have the IT department having to jump to action every time a user tries to connect to a new site. If you are just using it to track dns queries then you have to trust that the whole software suite of the organization is playing nice and not using any hard-coded IP addresses or doing any dns lookups in a bad way, which with custom legacy software, good luck.

    Also, is this just a server change, or will all the client boxes have to be updated for this? That will be a pain in any network with a mix of OSes on it.

    • Alex@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      It probably won’t be used in the majority of environments because it would be an administration nightmare.