undefined | Better HN

0 pointsZnafon6y ago0 comments

Is DHCP useful to enforce network policy? What about users who manually set their DNS servers?

Wouldn't be a proxy checking the SNI of connections you open better?

0 comments

Enforcement is step 2. Proxy with a blacklist of hostnames would do, but unfortunately, with encrypted SNIs on the horizon, full blown https proxy with custom CA enrolled on all machines would be necessary.

Step 1 is a mechanism for those, who do not want to fight the network policy, just want the autoconfiguration.

j / k navigate · click thread line to collapse

0 pointsZnafon6y ago0 comments

Is DHCP useful to enforce network policy? What about users who manually set their DNS servers?

Wouldn't be a proxy checking the SNI of connections you open better?

0 comments

vetinari6y ago

Step 1 is a mechanism for those, who do not want to fight the network policy, just want the autoconfiguration.

j / k navigate · click thread line to collapse