@desert_lizard, ZTDNS is intended to be the secure telemetry system to
enable connections to trusted destinations, not validate end users or
apps. That's a separate layer of ZT (which, of course, would be locked
down by its inability to do connections not listed in the approved and
available DNS s...
@desert_lizard the identity of the client is verified when the encrypted
DNS connection is established using mTLS -- this allows the admin to
configure the client cert for Windows to present when connecting. Keep
in mind that user (human-centric) identity is a huge and critical part
of Zero Trust, b...
@foobar2020 your suggestion is good, but it isn't a replacement for
ZTDNS any more than ZTDNS is for your suggestion. ZTDNS allows a secured
PDNS server to make segmentation-by-name policy decisions for Windows to
then enforce. It does not try to do anything server-side to secure zone
data.
@MichaelGrafnetter I agree! ZTDNS client is not gated to Win11 SKU, so
there's no reason one couldn't use it on Windows Server (though it would
only affect outbound connectivity, not inbound, and there may be other
gotchas we're not testing for since Win11 is our priority for now). When
ZTDNS client...