<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Interesting, the Dnssec records with their by definition random
and large content seems to be the most interesting vehicle, at
least at first sight.</p>
<p>Will e.g. the google DNS server or any other resolver deliver and
fetch this data? At the moment I can't think of any reason it
should not do so.</p>
<p>To really block this, I think you would need to actually verify
the correctness of the data.<br>
</p>
<br>
<div class="moz-cite-prefix">On 17-06-2018 08.43, Blason R wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAPPXLT-7c49YX+fzWzmy+JwJJ78rRtaxvL_mmutQGZap53HWfg@mail.gmail.com">
<div dir="ltr">Hi Team,
<div><br>
</div>
<div>Can someone please guide if DNS exfiltration techniques can
be identified using DNS RPZ? Or do I need to install any other
third party tool like IDS to identify the the DNS beacon
channels.</div>
<div><br>
</div>
<div>Has anyone used DNS RPZ to block/detect data exfiltration?</div>
</div>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list
bind-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!" </pre>
</body>
</html>