For effective zero trust, controlling which devices can access which apps and domains is vital. Doing that through authentication or applying domain deny listing (blacklisting) to all devices leaves the door open to malware. Intelligent control requires filtering at the client level (microsegmentation) which is complex to set up and manage using firewalls, but can be done more simply via DNS, providing a security barrier at the earliest point in the traffic flow.
