NSA Suggests Enterprises Use ‘Designated’ DNS-over-HTTPS Resolvers

From thehackernews.com

The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent “numerous” initial access, command-and-control, and exfiltration techniques used by threat actors.

“DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by using HTTPS to provide privacy, integrity, and ‘last mile’ source authentication with a client’s DNS resolver,” according to the NSA’s new guidance.

Proposed in 2018, DoH is a protocol for performing remote Domain Name System resolution via the HTTPS protocol.
