This is important for customers who have created policies from scratch. All policies for DNS devices should include the following targets to prevent people on the network from circumventing DNS defense and getting infected.
Targets:
Apple Private Relay FQDNs - Domains
DNS over HTTPS Servers - Domains
DOH Providers - IPs
These are now included in the default policies, so a new policy made by copying one of ours should already contain them. Always check to be safe, though: these services are designed to circumvent company-set DNS providers but don't provide any protection.