The U.S. National Security Agency has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic. Although the agency's report is geared toward the military and defense contractors, its recommendations can be adopted in all sectors.
Using DNS over HTTPS, or DoH, in enterprise environments encrypts and helps hide DNS queries from third parties who might attempt to spy on or manipulate network traffic, the NSA says.
“DNS translates domain names in URLs into IP addresses, making the internet easier to navigate,” the NSA notes. “However, it has become a popular attack vector for malicious cyber actors. DNS shares its requests and responses in plaintext, which can be easily viewed by unauthorized third parties.”