Networking Blog

The Official Blog Site of the Windows Core Networking Team at Microsoft

Options
49.4K
tojens on May 02 2024 06:00 AM
13.2K
tojens on May 02 2024 06:00 AM
2,921
AditiPatange on Apr 25 2024 06:00 AM
50.5K
JamesKehr on Apr 18 2024 12:10 PM
10.4K
tojens on Mar 07 2024 07:00 AM
6,808
tojens on Feb 06 2024 06:00 AM
2,267
Kyle Bisnett on Feb 02 2024 09:10 AM
13.3K
AditiPatange on Oct 25 2023 10:00 AM
12.8K
JamesKehr on Jul 05 2023 03:21 PM
5,262
Dan Cuomo on Jul 05 2023 10:13 AM
6,962
Dan Cuomo on Jun 09 2023 09:38 AM
5,793
Kyle Bisnett on Mar 16 2023 09:28 AM
10.3K
Basel_Kablawi on Mar 15 2023 10:15 AM
7,546
Kyle Bisnett on Jan 17 2023 12:50 PM
6,293
Basel_Kablawi on Jan 06 2023 03:10 PM
8,715
Dan Cuomo on Nov 15 2022 06:01 AM
8,602
Dan Cuomo on Nov 15 2022 06:00 AM
6,918
Kyle Bisnett on Oct 12 2022 10:05 AM
17.2K
Daniel Havey on Sep 30 2022 08:50 AM
8,081
huanyi on Sep 16 2022 03:36 PM
12.8K
Dan Cuomo on Aug 31 2022 08:38 AM
8,007
Kyle Bisnett on Aug 30 2022 02:58 PM
7,447
Kyle Bisnett on Aug 25 2022 10:31 AM
57K
tojens on Jul 13 2022 10:00 AM
15.1K
nibanks on May 24 2022 09:56 AM
30.9K
tojens on Apr 22 2022 09:00 AM
82.6K
JamesKehr on Apr 04 2022 01:36 PM
10.6K
tojens on Apr 01 2022 09:00 AM

Latest Comments

@desert_lizard , ztdns is intended to be the secure telemetry system to enable connections to trusted destinations, not validate end users or apps. That's a separate layer of zt, (which, of course, would be locked down by its inability to do connections not listed in the approved and available DNS s...
0 Likes
@desert_lizard the identity of the client is verified when the encrypted DNS connection is established using mTLS -- this allows the admin to configure the client cert for Windows to present when connecting. Keep in mind that user (human-centric) identity is a huge and critical part of Zero Trust, b...
0 Likes
@foobar2020 your suggestion is good, but it isn't a replacement for ZTDNS anymore than ZTDNS is for your suggestion. ZTDNS allows a secured PDNS server to make segmentation-by-name policy decisions for Windows to then enforce. It does not try to do anything server-side to secure zone data.
0 Likes
@MichaelGrafnetter I agree! ZTDNS client is not gated to Win11 SKU, so there's no reason one couldn't use it on Windows Server (though it would only affect outbound connectivity, not inbound, and there may be other gotchas we're not testing for since Win11 is our priority for now). When ZTDNS client...
0 Likes
I'm not sure this is zero trust. How is the authenticity of the user being checked when doing a DNS lookup?
0 Likes