Tag: DNS over HTTPS (DoH)
Taking Control of DNS over HTTPS
For decades, enterprise security relied on a simple truth: if you control Port 53, you can see where your users are going. Every DNS query left the network in plaintext, straightforward to log, filter, and block. DNS over HTTPS (DoH), standardized in RFC 8484 [2], broke that model by wrapping name resolution inside standard HTTPS…
DNS over HTTPS: One problem solved, but a bunch of new ones created…
In the course of attending the lecture “Secure Systems” I became aware of a blog post by Geoff Huston on how the Domain Name System (DNS) handles “no such domain name” (NXDOMAIN) responses and which possible attack vectors could result from this. His analysis showed how little effort is necessary to perform a Denial of…