Android P Private DNS - Enterprise use cases


#1

Android P introduces a new “Private DNS” feature.

While not really contributing to user privacy, I think it may be useful for enterprises.
Here are the possible use cases that I could quickly come up with:

  1. Preventing harvesting DNS traffic (requires DNSSEC or TLS-DNS servers and can also be achieved via VPN, so not really)
  2. Preventing DNS hijacking by rogue DHCP servers (a very typical hotspot attack, where a rogue DHCP server gives you a DNS server that will resolve all hostnames into the attacker’s machine, service exploits and fake logon pages)
  3. Integrating with company’s DNS-based security/reputation services, such as OpenDNS and the like

It is unclear, though, if this will be controllable via MDM, and if this can be hidden from the user (w/o resorting to blocking the entire Settings app). If not - may be another pain point 🙂

What are your thoughts?


#2

I’ve had a few use cases for OpenDNS on shared mobile devices; hope this feature can be managed via MDM.