dns is still the weakest link in most ppl's security chain, can't believe how many orgs are still using unencrypted queries and trusting isp-provided dns servers, wtf