Businesses that adopt encrypted DNS over HTTPS services risk creating a false sense of security and may even break their own DNS monitoring, according to a warning from the US National Security Agency (NSA).

DNS over HTTPS (DoH), which encrypts DNS traffic between a client and a DNS resolver so that on-path observers cannot read or alter it, has grown in popularity as a way of improving privacy and integrity. It reduces the opportunity for eavesdropping on, and manipulation of, DNS traffic in transit.


The US security agency stated in a recent report that while these services are helpful for home users, mobile users, and networks that lack DNS controls, they are not recommended for the majority of enterprises.

The NSA claimed that DoH is “not a panacea” because it does not ensure that threat actors cannot view a client’s online activities.

The paper stated that DoH is expressly made to encrypt only the DNS transaction between the client and resolver—not any other communication that occurs after the query is answered.

Although this lets a client resolve a domain name to an IP address privately, a threat actor can still learn where the client is going by observing the connection that follows the DNS request, without ever reading the request itself.
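To make the point concrete, here is an added illustration (not from the NSA paper or this article): the script builds a DoH query in the RFC 8484 GET form, which travels inside TLS to the resolver, and then parses a locally constructed TLS ClientHello to show what a passive observer still sees on the very next connection, namely the destination IP and the plaintext Server Name Indication (SNI). The resolver URL, the hostname, and the ClientHello bytes are all constructed for the demo; nothing is sent on the network. Note that Encrypted Client Hello, where deployed, hides the SNI, but the destination IP remains visible regardless.

```python
"""
Added example: DoH encrypts the DNS lookup, but the TLS handshake that
follows still exposes the server name in the clear (absent Encrypted
Client Hello) and the destination IP always. All inputs are constructed.
"""
import base64
import struct
from typing import Optional


def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a minimal DNS query in wire format (RFC 1035).
    RFC 8484 recommends transaction ID 0 for DoH so that identical
    queries produce identical bytes and cache well."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def doh_get_url(resolver: str, query: bytes) -> str:
    """RFC 8484 GET form: base64url without padding in the 'dns' parameter.
    The whole URL is carried inside TLS to the resolver, so an on-path
    observer sees only a connection to the resolver, not the name asked for."""
    token = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={token}"


def extract_sni(record: bytes) -> Optional[str]:
    """Walk a TLS record holding a ClientHello and return the server_name
    (extension type 0) if present: the part an observer can read after DoH."""
    if len(record) < 5 or record[0] != 0x16:                 # content type: handshake
        return None
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if not hs or hs[0] != 0x01:                              # handshake type: ClientHello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                             # client_version + random
    pos += 1 + body[pos]                                     # legacy_session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]     # cipher_suites
    pos += 1 + body[pos]                                     # compression_methods
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        if etype == 0:  # server_name: 2-byte list len, 1-byte type, 2-byte len, name
            name_len = struct.unpack("!H", body[pos + 3:pos + 5])[0]
            return body[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += elen
    return None


def constructed_client_hello(host: str) -> bytes:
    """Build a syntactically valid ClientHello carrying an SNI extension.
    Constructed sample input for the demo; a real client adds more extensions."""
    sni_name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(sni_name)) + sni_name
    sni_ext = struct.pack("!HH", 0, len(entry) + 2) + struct.pack("!H", len(entry)) + entry
    exts = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (b"\x03\x03" + b"\x11" * 32   # legacy version, random (fixed for demo)
            + b"\x00"                     # empty session id
            + b"\x00\x02\x13\x01"         # one cipher suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                 # compression: null only
            + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    q = build_dns_query("www.example.com")
    print("DoH request (hidden inside TLS):",
          doh_get_url("https://doh.example.net/dns-query", q))   # assumed resolver
    print("Still visible in the next ClientHello:",
          extract_sni(constructed_client_hello("www.example.com")))
```

The `dns=` token produced for `www.example.com` matches the example in RFC 8484 section 4.1.1, which is a useful sanity check when writing DoH tooling. The second line of output is the practical point of the NSA's caveat: the name the client looked up privately reappears in plaintext moments later.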

Furthermore, DoH can blind network monitoring systems that are designed to detect anomalous DNS traffic.

Because DoH encrypts the DNS exchange, businesses cannot use these network-based tools to monitor DNS unless they intercept and inspect the TLS traffic. Inspection can still take place at the resolver, or through resolver logs, if DoH is used only with the corporate resolver, the paper went on.

“But, there might be problems seeing that encrypted DNS traffic if external DoH resolvers are not blocked and DoH is enabled on the user’s browser or OS to use a different resolver.”

The NSA cautioned that malware can also use DoH to hide its command-and-control (C2) traffic inside ordinary-looking HTTPS.

The agency advised businesses that rely on DNS monitoring tools not to deploy DoH within their networks, or at least to block external DoH resolvers so that all queries, encrypted or not, reach only the corporate resolver where they can be logged.
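The visibility gap described above, and the C2 concern that follows from it, are usually addressed by looking for DoH sessions that bypass the corporate resolver. The following is an added example, not taken from the NSA paper or this article: a small detector run over constructed web-proxy log lines. The indicators come from RFC 8484 (the `/dns-query` path, the `application/dns-message` media type, and the base64url `dns=` GET parameter) plus a short list of well-known public DoH endpoints. The corporate resolver name `doh.corp.example` and the log format are assumptions.

```python
"""
Added example: flag DoH sessions to any resolver other than the corporate
one, using RFC 8484 indicators and a list of well-known public endpoints.
Log lines and the corporate resolver name are constructed/assumed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

CORPORATE_DOH_RESOLVER = "doh.corp.example"   # assumed enterprise resolver

KNOWN_PUBLIC_DOH = {                            # well-known public DoH hosts
    "dns.google", "cloudflare-dns.com", "one.one.one.one",
    "dns.quad9.net", "doh.opendns.com",
}

# Constructed log format: "<time> <client> <method> <url> <status> <content-type>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+"
    r"(?P<status>\d{3})\s+(?P<ctype>\S+)$"
)
URL = re.compile(
    r"^https?://(?P<host>[^/:?]+)(?::\d+)?(?P<path>/[^?]*)?(?:\?(?P<query>.*))?$"
)


@dataclass
class Finding:
    client: str
    host: str
    reasons: List[str]


def classify(line: str) -> Optional[Finding]:
    """Return a Finding when the line looks like DoH to a non-corporate resolver."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    u = URL.match(m["url"])
    if not u:
        return None
    host = u["host"].lower()
    path = u["path"] or "/"
    query = u["query"] or ""
    reasons: List[str] = []
    if host in KNOWN_PUBLIC_DOH:
        reasons.append("known public DoH resolver")
    if path.endswith("/dns-query"):
        reasons.append("RFC 8484 path")
    if m["ctype"].lower() == "application/dns-message":
        reasons.append("application/dns-message")
    if m["method"] == "GET" and re.search(r"(?:^|&)dns=[A-Za-z0-9_-]+(?:&|$)", query):
        reasons.append("base64url dns= parameter")
    if not reasons:
        return None
    if host == CORPORATE_DOH_RESOLVER:
        return None  # expected path: these queries are logged at the resolver itself
    return Finding(m["client"], host, reasons)


def scan(lines: Iterable[str]) -> List[Finding]:
    return [f for f in (classify(line) for line in lines) if f]


SAMPLE_LOG = [  # constructed sample lines
    "2024-03-01T09:00:01Z 10.1.2.3 GET https://doh.corp.example/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB 200 application/dns-message",
    "2024-03-01T09:00:05Z 10.1.2.3 POST https://cloudflare-dns.com/dns-query 200 application/dns-message",
    "2024-03-01T09:00:09Z 10.1.2.44 GET https://dns.google/resolve?name=example.com&type=A 200 application/x-javascript",
    "2024-03-01T09:00:12Z 10.1.2.44 GET https://www.example.com/ 200 text/html",
    "2024-03-01T09:00:20Z 10.1.2.90 GET https://203.0.113.7/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB 200 application/dns-message",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.client} -> {f.host}: {', '.join(f.reasons)}")
```

Two design points follow directly from the paper's caveats. First, the path, media type and `dns=` fields are only available when the proxy terminates TLS; without TLS inspection, only the destination host (from SNI or IP) is visible, which is why the host list is checked independently of the other indicators and catches the JSON-style `dns.google/resolve` request too. Second, the final sample line shows a `/dns-query` endpoint on a bare IP that is on no blocklist; that is the shape a malware author's private DoH gateway would take, so the protocol-level indicators matter as much as the list.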



About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.
