To gain the most security value from ZTDNS, system admins will need to enumerate the expected domains and/or IP ranges they expect their clients to connect to,” Jake Williams wrote. “Failure to do so will result in self-inflicted denial of service.”
Glad I'm on Linux/macos at home/work.
Wtf is happening.
It's a security feature. Microsoft is not breaking anything. It's the sysadmin that could accidentally break their own stuff if they don't set it up correctly.
They don't even have to set it up if they don't want too.
These critics have never contended with networks of thousands of workstations/users.
This will be a massive help in the SMB space, where you can't lock down machines as much as you do in Enterprise, and end-users don't have the support of a large help desk.