According to best practices for DNS control, what should you do with unknown DNS traffic?

In the context of managing DNS traffic according to best practices, the approach to handling unknown DNS traffic is significantly impactful for maintaining network security. Blocking unknown DNS traffic is a prudent measure because it helps prevent potentially malicious activities from occurring. Unknown DNS traffic can indicate attempts to connect to suspicious or unauthorized domains, which might be associated with malware, phishing attacks, or other security threats.

By implementing a policy to block this type of traffic, organizations minimize their exposure to risks and maintain better control over what is allowed on their networks. Additionally, it mitigates the chance of data exfiltration or the establishment of connections to harmful entities.

While other options like logging or redirecting unknown traffic may contribute to understanding the traffic flow and monitoring the network, they do not actively prevent potential threats in the same way blocking does. Allowing unknown DNS traffic would leave the system vulnerable, while redirecting it to a monitoring tool may still expose the organization to risks if the tool does not provide real-time protection.