NSA Releases Guidance on ‘DNS Over HTTPS’ Cybersecurity Approach

The National Security Agency (NSA) has issued guidance on implementing a form of encrypted Domain Name System (DNS), covering its benefits and drawbacks for strengthening user privacy and the integrity of DNS traffic.

NSA said in the guidance that DNS over HTTPS (DoH), which carries DNS queries inside Hypertext Transfer Protocol over Transport Layer Security, can protect DNS traffic in transit from eavesdropping and manipulation by unauthorized parties.

DoH relies on external "resolvers" and is most useful for users on remote or home networks that lack DNS security controls, where the external resolver supplies those protections. Enterprise networks can also adopt it, either through an externally hosted DoH service or a DoH-capable enterprise DNS server, the guidance states.

However, the guidance cautions that DoH has limits of its own: it does not protect the upstream DNS traffic between the resolver and authoritative servers, it can bypass the DNS controls configured on internal networks, and it can give users a "false sense of security."

NSA's recommendations include blocking all unauthorized DoH resolvers so that only the enterprise's own resolver is used, using a virtual private network for remote users, collecting and reviewing DNS logs, and validating Domain Name System Security Extensions (DNSSEC).
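One way to act on the DNS-log recommendation, as an added example that is not code from the NSA guidance: a client that switches to an external DoH resolver usually makes one last plaintext query, the lookup of the resolver's own hostname, so enterprise DNS logs can reveal the switch even though the DoH traffic itself is encrypted. The log format below is constructed for the example, the resolver list is illustrative rather than exhaustive, and the check for Firefox's `use-application-dns.net` canary domain is included because that lookup is what Firefox makes before enabling DoH.

```python
"""Flag DNS-log evidence that a client is bootstrapping an external DoH resolver.

Added example, not from NSA's guidance. Assumes a constructed log format with
one record per line and space-separated key=value fields (client=, qname=, qtype=).
"""
from __future__ import annotations

from typing import Iterable, List, Tuple

# Hostnames of well-known public DoH resolvers (assumption: illustrative, not
# exhaustive; an enterprise would maintain its own list alongside IP blocks).
KNOWN_DOH_RESOLVERS = {
    "dns.google",
    "cloudflare-dns.com",
    "dns.quad9.net",
}

# Firefox queries this canary domain before enabling DoH; a query for it in the
# enterprise resolver's logs shows a browser about to decide whether to switch.
CANARY_DOMAIN = "use-application-dns.net"


def parse_record(line: str) -> dict:
    """Split a log line into key=value fields; tokens without '=' are ignored."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def normalize_name(qname: str) -> str:
    """Lower-case the name and drop the trailing root dot, if any."""
    return qname.rstrip(".").lower()


def matches_resolver(qname: str) -> bool:
    """True if qname is a known DoH resolver hostname or a subdomain of one.

    The leading '.' in the suffix check stops 'evil-dns.google.attacker.example'
    or 'xdns.google' from matching 'dns.google'.
    """
    name = normalize_name(qname)
    return any(name == r or name.endswith("." + r) for r in KNOWN_DOH_RESOLVERS)


def find_doh_bootstrap(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (client, normalized qname, reason) for every suspicious lookup."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        client, qname = rec.get("client"), rec.get("qname")
        if not client or not qname:
            continue  # malformed or incomplete record
        name = normalize_name(qname)
        if matches_resolver(name):
            hits.append((client, name, "doh-resolver-bootstrap"))
        elif name == CANARY_DOMAIN:
            hits.append((client, name, "doh-canary-probe"))
    return hits


# Constructed sample log lines (not real data).
SAMPLE_LOG = [
    "2021-01-14T10:02:11Z client=10.1.2.3 qname=dns.google qtype=A",
    "2021-01-14T10:02:12Z client=10.1.2.3 qname=www.example.com qtype=A",
    "2021-01-14T10:02:13Z client=10.1.2.7 qname=mozilla.cloudflare-dns.com. qtype=AAAA",
    "2021-01-14T10:02:14Z client=10.1.2.9 qname=use-application-dns.net qtype=A",
    "2021-01-14T10:02:15Z client=10.1.2.9 qname=mail.corp.example qtype=MX",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for client, name, reason in find_doh_bootstrap(SAMPLE_LOG):
        print(f"{client} looked up {name}: {reason}")
```

The bootstrap lookup is only visible if the client still sends its plaintext DNS to the enterprise resolver; a client that hard-codes the resolver's IP address leaves no such trace, which is why the guidance pairs log review with blocking the resolvers' addresses at the network boundary.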
