Android P introduces a new “Private DNS” feature.
While not really contributing to user privacy, I think it may be useful for enterprises.
Here are the possible use cases that I could quickly come up with:
- Preventing harvesting of DNS traffic (requires DNSSEC or TLS-DNS servers and can also be achieved via VPN, so not really)
- Preventing DNS hijacking by rogue DHCP servers (a very typical hotspot attack, where a rogue DHCP server gives you a DNS server that will resolve all hostnames into the attacker’s machine, service exploits and fake logon pages)
- Integrating with company’s DNS-based security/reputation services, such as OpenDNS and the like
It is unclear, though, if this will be controllable via MDM, and if this can be hidden from the user (w/o resorting to blocking the entire Settings app). If not - may be another pain point.
What are your thoughts?