On Thursday, May 22, 2025 4:23:05 PM CEST Karol Nowicki via bind-users wrote:
> Does ISC BIND software natively have any DNS tunneling prevention embedded?
> Thanks
BIND on its own does not do this. Assuming that you are running it on a LAN as a resolver meanwhile, you can make it the only thing that can communicate on port 53 to the Internet. That is the job of your firewall, and yours to configure. You'll probably also want to prevent DoT (853) from going out at all, though its sibling DoH will be a lot harder to filter for.

As you've probably already realized by now, security is by no means a "slap software X or Y on it and call it a day" type of ordeal. One could argue that if you have a piece of malware attempting to make a DNS tunnel to get commands from a C2 or whatever, you (or whoever else owns that machine) shouldn't be running that software in the first place. Which in itself is a multifaceted policy question.

--
With kind regards,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
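The egress policy the reply describes, written out as an added example that is not from the thread or from ISC: an nftables ruleset for a Linux router between the LAN and the Internet. The resolver address 192.0.2.53 and the WAN interface name wan0 are assumed placeholders; the ruleset is generated by a function so it can be reviewed with `nft -c` before being applied.

```shell
#!/bin/sh
# Added example: only the BIND resolver may reach port 53 upstream, DoT (853)
# is blocked for everyone, and DoH (443) is left alone because it cannot be
# told apart from ordinary HTTPS by port. Values below are placeholders.
RESOLVER_IP="${RESOLVER_IP:-192.0.2.53}"   # LAN address of the BIND resolver
WAN_IF="${WAN_IF:-wan0}"                   # interface facing the Internet

# Print the ruleset instead of applying it directly, so it can be inspected.
dns_egress_ruleset() {
  cat <<EOF
table inet dns_egress {
  chain forward {
    type filter hook forward priority 0; policy accept;
    # The resolver is the only LAN host allowed to talk to port 53 upstream.
    oifname "$WAN_IF" ip saddr $RESOLVER_IP udp dport 53 accept
    oifname "$WAN_IF" ip saddr $RESOLVER_IP tcp dport 53 accept
    # Any other host sending to port 53 is logged and dropped, so a tunnelling
    # attempt from a LAN machine shows up in the log instead of succeeding.
    oifname "$WAN_IF" udp dport 53 log prefix "dns-egress-drop " drop
    oifname "$WAN_IF" tcp dport 53 log prefix "dns-egress-drop " drop
    # No LAN host has a legitimate need for DoT here, so block it outright.
    oifname "$WAN_IF" tcp dport 853 log prefix "dot-egress-drop " drop
    # DoH rides on tcp/443 alongside all other HTTPS; no port rule covers it.
  }
}
EOF
}

# "check" only syntax-checks the ruleset; anything else loads it into nft.
apply_dns_egress() {
  if [ "$1" = "check" ]; then
    dns_egress_ruleset | nft -c -f -
  else
    dns_egress_ruleset | nft -f -
  fi
}
```

Run `apply_dns_egress check` first; the log prefixes make the dropped attempts easy to pick out of the kernel log.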