Microsoft is developing a Zero Trust DNS scheme called ZTDNS that integrates the Windows DNS client with the Windows Filtering Platform. An organization designates a 'protective DNS server' for its clients; the client resolves names only through that server, which answers only for approved domains, and the filtering platform then blocks outbound traffic to any address that was not learned from that server, apart from explicitly exempted subnets. This has raised concerns about surveillance, control and censorship, with discussion of the privacy implications, of how far Microsoft should be trusted, and of the balance between security measures and human rights. Deploying it is seen as complex and demanding for enterprise admins, which points to the need for a structured approach to the network security objectives it is meant to serve.
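The mechanism described above (resolve only approved names, and only through the protective resolver; connect only to addresses that resolver returned, while their TTL holds, or to an exempted subnet) is easier to reason about as code. The following Python is an added model of that policy, not Microsoft's implementation or any ZTDNS API; the zone data, the allow list, the exempt subnet and the `ManualClock` are constructed for the example so that TTL expiry can be exercised offline.

```python
"""Model of a ZTDNS-style policy (added example, not Microsoft's implementation).

Two rules are enforced: a client may resolve only names under an allow-listed
suffix, and only through the protective resolver; the host filter permits an
outbound connection only to an address that resolver returned (within the
record's TTL) or to an explicitly exempted subnet.
"""
from __future__ import annotations

import ipaddress
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Answer:
    name: str
    addresses: tuple  # IPv4/IPv6 addresses as strings
    ttl: int          # seconds the filter may trust these addresses


def canonical(name: str) -> str:
    """Normalise a DNS name: lower-case, single trailing dot."""
    return name.strip().rstrip(".").lower() + "."


# Constructed answers standing in for what the protective resolver would return.
ZONE = {
    canonical("mail.example.com"): Answer(canonical("mail.example.com"), ("203.0.113.10",), 300),
    canonical("intranet.example.com"): Answer(canonical("intranet.example.com"), ("198.51.100.20", "198.51.100.21"), 60),
    canonical("cdn.example.net"): Answer(canonical("cdn.example.net"), ("192.0.2.50",), 30),
    canonical("evil.example.org"): Answer(canonical("evil.example.org"), ("192.0.2.99",), 300),
}


class ManualClock:
    """Deterministic clock so TTL expiry can be exercised without sleeping."""
    def __init__(self, start: float = 1000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class ProtectiveResolver:
    """Answers only for names under an allow-listed suffix; everything else is refused."""
    def __init__(self, allowed_suffixes) -> None:
        self.allowed = tuple(canonical(s) for s in allowed_suffixes)

    def permitted(self, name: str) -> bool:
        name = canonical(name)
        # Exact match or a label boundary: "notexample.com." must not match "example.com.".
        return any(name == s or name.endswith("." + s) for s in self.allowed)

    def resolve(self, name: str):
        if not self.permitted(name):
            return None  # refused: the client never learns an address for this name
        return ZONE.get(canonical(name))


class FlowFilter:
    """Host-side filter: allows flows only to resolver-learned or exempted addresses."""
    def __init__(self, resolver: ProtectiveResolver, exempt_subnets, clock=time.monotonic) -> None:
        self.resolver = resolver
        self.exempt = [ipaddress.ip_network(s) for s in exempt_subnets]
        self.clock = clock
        self.learned: dict[str, float] = {}  # address -> expiry time

    def lookup(self, name: str) -> tuple:
        """Client-side resolution: records returned addresses together with their TTL."""
        answer = self.resolver.resolve(name)
        if answer is None:
            return ()
        expiry = self.clock() + answer.ttl
        for addr in answer.addresses:
            key = str(ipaddress.ip_address(addr))
            self.learned[key] = max(self.learned.get(key, 0.0), expiry)
        return answer.addresses

    def allow_connect(self, dst: str) -> bool:
        """Would a new outbound flow to dst be permitted right now?"""
        ip = ipaddress.ip_address(dst)
        if any(ip in net for net in self.exempt):
            return True  # e.g. the resolver itself, DHCP, or a hard-coded-IP service
        expiry = self.learned.get(str(ip))
        return expiry is not None and expiry > self.clock()


def demo() -> dict:
    """Walk through the policy with the constructed data; returns the observed decisions."""
    clock = ManualClock()
    flt = FlowFilter(ProtectiveResolver(["example.com", "example.net"]), ["10.0.0.0/8"], clock)
    results = {}
    results["refused_name"] = flt.lookup("evil.example.org")            # not under an allowed suffix
    results["unresolved_ip_blocked"] = flt.allow_connect("192.0.2.99")  # never learned, so blocked
    results["mail"] = flt.lookup("mail.example.com")
    results["resolved_ip_allowed"] = flt.allow_connect("203.0.113.10")
    results["exempt_allowed"] = flt.allow_connect("10.1.2.3")
    results["cdn"] = flt.lookup("cdn.example.net")
    clock.advance(31)  # past cdn's 30 s TTL, still within mail's 300 s
    results["expired_blocked"] = flt.allow_connect("192.0.2.50")
    results["still_valid"] = flt.allow_connect("203.0.113.10")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two points the model makes visible, and that an admin of the real feature has to plan for: an address learned from the resolver is reachable on any port and protocol until its TTL lapses, so the allow list is really a list of hosts rather than of services; and anything that connects to a hard-coded IP (or whose cached answer has expired) is cut off unless that address sits in an exempt subnet, which is where much of the deployment complexity the page mentions comes from.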

Microsoft is working on Zero-Trust DNS to lock down DNS with a promising protocol

The initiative fits Microsoft's established approach of selling security products to corporate customers: satisfy compliance checkboxes and secure agreements at the C-level. Critics question the practicality, effectiveness and ethical implications of ZTDNS, pointing to the blurred line between corporate security and civil security and calling for a closer look at the value systems embedded in digital security strategies.
https://www.schneier.com/blog/archives/2024/05/zero-trust-dns.html