DNS-based Egress Access Control in AWS
I’d love to hear some thoughts on how to implement effective egress control using DNS-based policies. Each ‘knob’ for control seems to have deficiencies: Route53 firewall, AWS NFW 80/443 filtering using SNIs, and Suricata rules each have capabilities, but also have gaps…