The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent “numerous” initial access, command-and-control, and exfiltration techniques used by threat actors.
“DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by using HTTPS to provide privacy, integrity, and ‘last mile’ source authentication with a client’s DNS resolver,” according to the NSA’s new guidance.
Proposed in 2018, DoH is a protocol for performing remote Domain Name System resolution via the HTTPS protocol.
One of the major shortcomings with current DNS lookups is that even when someone visits a site that uses HTTPS, the DNS query and its response is sent over an unencrypted connection, thus allowing third-party eavesdropping on the network to track every website a user is visiting.
Even worse, the setup is ripe for carrying out man-in-the-middle (MiTM) attacks simply by changing the DNS responses to redirect unsuspecting visitors to a malware-laced site of the adversary’s choice.
Thus by using HTTPS to encrypt the data between…