Benefit

Although not for everyone netfoil is a DNS proxy that does DNS allowlisting. This significantly reduces attack surface and mitigates a ton of attacks, the concept is explained really well in this article (not affiliated with netfoil) https://privsec.dev/posts/knowledge/badness-enumeration/ Check out netfoil here: https://github.com/tinfoil-factory/netfoil

Solution

Make it a part of the dns-selector to enable netfoil. We could also include options like having a loose or strict config included, or allowlisting the top 1000, 10 000 or 1 000 000 domains.

Alternatives

There is really no alternatives for this.

Declaration

• I agree to follow this project's Code of Conduct.
• I declare that this is not a request for alternate community messaging or social platforms.
• I declare that I have read the secureblue website and my feature request is in-scope.