Implicit Deny ALL for DNS Resolution

The principle of least privilege (PoLP), also known as the principle of minimal privilege or the principle of least authority, requires that a process or function be able to access only the information and resources that are necessary for its legitimate purpose.

While the DNS has many flaws, its recursion "feature" is inherently a major security weakness. A recursive DNS lookup is one where a DNS server attempts to find an IP address for a fully qualified domain name.

Unlike Securd, DNS servers have no security feature for quickly switching resolution from allowed to implicitly denied.

In a critical incident or breach situation, you may be forced to immediately block, log and analyze all outbound DNS traffic across your enterprise endpoints and sites to rapidly contain an evolving threat. With Securd, you can flip a switch and immediately block all external resolution and mitigate an egress cyber threat.

Security Policy Default Actions

Allow Traffic - This is the default setting in a security policy. It allows all DNS queries to be performed; they are then processed by Securd according to its order of operations.

Block Traffic - This setting implicitly drops all DNS traffic. Unless you specifically allow domains to be accessed in a policy list, DNS resolution will be blocked.
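
The effect of the two default actions on a set of queries, as an added example that is not Securd's code: a minimal model of a policy with one allow list and a default action. The names `Policy`, `covered_by` and `evaluate` are hypothetical, the rule that an allow entry also covers its subdomains is an assumption, and the further processing Securd applies in Allow Traffic mode is not modelled.

```python
"""Added example: default-action evaluation for a DNS security policy (not Securd code)."""
from dataclasses import dataclass, field

ALLOW, BLOCK = "allow", "block"


def normalize(name: str) -> str:
    """Canonical form for comparison: lower-case, no trailing root dot."""
    return name.strip().rstrip(".").lower()


def covered_by(qname: str, entry: str) -> bool:
    """True if qname is the entry itself or a subdomain of it (assumed rule).

    The match is on a label boundary, so 'notexample.com' is NOT covered
    by an allow entry for 'example.com'.
    """
    q, e = normalize(qname), normalize(entry)
    return bool(e) and (q == e or q.endswith("." + e))


@dataclass
class Policy:
    default_action: str = ALLOW              # "Allow Traffic" is the default
    allow_list: set = field(default_factory=set)

    def decide(self, qname: str) -> tuple:
        """Return (action, reason); reason is what an analyst would log."""
        if any(covered_by(qname, e) for e in self.allow_list):
            return ALLOW, "allow-list"
        return self.default_action, "default-action"


def evaluate(policy: Policy, queries: list) -> list:
    """Decision log for a batch of query names, in input order."""
    return [(q, *policy.decide(q)) for q in queries]


# Constructed sample queries (not from real traffic).
QUERIES = ["www.example.com.", "EXAMPLE.com", "notexample.com", "updates.vendor.test"]

if __name__ == "__main__":
    policy = Policy(allow_list={"example.com"})
    print("normal  :", evaluate(policy, QUERIES))
    policy.default_action = BLOCK            # incident: implicit deny all
    print("incident:", evaluate(policy, QUERIES))
```

With the default action switched to block, only names under an allow-list entry still resolve; the look-alike `notexample.com` is denied because matching stops at a label boundary.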

