Mitigating against and observing DoH – a real world deployment

DoH data flow

Whilst there has been a lot of discussion about the impact and usage of DNS-over-HTTPS, there is so far very little data on how widely it has been adopted, let alone what the traffic looks like. By adopting a layered approach using response policy zones and an internal DNS-over-HTTPS infrastructure it’s possible to start to get a clearer picture of DoH usage. Within a typical enterprise environment, you would expect the use of external DNS servers to already be prohibited. The use of DNS-over-HTTPS is thus no different from any other tunnelling software used to circumvent such security controls. The simple approach to resolving this issue would be to just block DoH providers at the firewall as they are identified. However, maintaining such a list, as with any blacklist, presents some challenges and would be better managed by commercial providers. A more layered approach provides…

Defence against the DoH! Arts

I’m afraid it’s another post about DNS-over-HTTPS, but there’s a lot going on. Whilst the current crop of DoH servers don’t suffer from the same problems as normal open DNS resolvers, they do have issues of their own. Fans of DoH are right when they say that nothing stopped applications from doing their own DNS before, and that the bad guys have always tunnelled data over other protocols. It is also true that DoH has massively lowered the bar for them, both in terms of readily available libraries and in the provision of vast, highly resilient, free tunnelling infrastructure provisioned by reputable companies. However, I don’t want to get back into that again; instead, let’s review the latest happenings in the world of DoH. In the last month we’ve had: a DoH-controlled spam campaign, the first malware to leverage DoH, and Mozilla nominated for Internet villain of the…

DNS troubleshooting for beginners

Introduction

DNS generally just works (at least as far as you’re concerned), which is good, as the internet would be far less fun without it. However, this does mean that many people don’t really know how to tell if a problem is a DNS error or something else; this makes life difficult for support desks and, even worse, causes work for DNS admins. It needn’t be so! Telling if something is a DNS issue is actually quite simple, and troubleshooting it isn’t much more difficult. To start with, there are really only a very few ways that DNS can go wrong (from a user perspective; from an admin perspective DNS can go wrong in many and varied ways):

- Not responding at all
- Returning the wrong data
- Not returning a record when it should

Those, from an end user's point of view, are really the only…

WD MyBrick

These instructions were put together by Ouglee over on the WD forums. This copy is mainly just to make my life easier in case things go astray, if only because when hacking My Cloud I’ve needed these a few times. If you think you have bricked your WD My Cloud or are getting a lot of errors, do not turn it off. A lot of the time the running processes will be fine, so you should be able to copy all your data off first. Once you’ve power cycled it, if it doesn’t come back, retrieving all that data is far more hassle. Also, there were some differences in what I saw and did, which I’ll note here. When running gparted, make a note of the end of your data partition, as it saves time later on. In step 16 I was asked for an “end” as well as a start.…