Daver6
Enthusiast
- Joined
- Dec 31, 2011
- Posts
- 10,959
- Qantas
- Platinum
- Virgin
- Gold
Maybe we are looking at this from different angles. You would look to disable caching on an endpoint which may be a likely and vulnerable target for a Malware attack. If you are worried that your Ring Doorball is vulnerable to malware, perhaps stick it in a subzone and apply some specific firewall rules to mimimise the likelihood of whatever attack you think is possible. There's no one size fits all blanket solution. Local DNS servers are but one of many attack mitigation tools, not the one and only.
I think you've hit the nail on the head. We were looking at it from different angles. IOT type devices are much more likely to be vulnerable and I was confused how you would disable DNS caching. I get exactly what you're saying though.