Even if you use the internal resolver you could exfiltrate the data.

Yes, but an internal resolver has filtering and must be heavily monitored. If the DNS logs are sent to a SIEM, you will be detected quickly.

I mean, most of the time said company resolvers have a service that either blocks suspicious requests or only allows whitelisted domains.