DoH (DNS over HTTPS) Pros & Cons
Updated: May 9, 2021
What is DoH?
DNS over HTTPS (DoH, RFC 8484) is a protocol for performing remote Domain Name System resolution over HTTPS. The DNS query is carried as an ordinary wire-format DNS message inside an HTTP request, either a GET with a base64url-encoded dns parameter or a POST with the application/dns-message media type, and the answer comes back as a wire-format message in the HTTP response. The goal is to improve user privacy and security: the TLS session between the DoH client and the DoH resolver prevents eavesdropping on and manipulation of DNS data by anyone on the path (man-in-the-middle attacks). It does not hide the queries from the resolver operator, who still sees every name the client looks up.
What are the Pros and Cons of DoH?
Pros
It protects against man-in-the-middle attacks on the path to the resolver. DNS queries are traditionally sent in plain text over port 53, so anyone between you and your recursive server can see which names you are resolving and alter the answers. DoH encrypts and authenticates that hop, which stops passive sniffing and makes spoofing responses on the path impractical. The resolver itself still sees every query, so this is protection from third parties, not from the resolver operator.
The encryption also denies a local attacker the plaintext that DNS hijacking techniques such as response spoofing rely on, and hides query contents from third-party observers and ISPs. The destination is usually still visible through the TLS Server Name Indication and the IP address of the connection that follows the lookup, so DoH narrows metadata leakage rather than eliminating it.
Because browsers send DoH to a few large, well-provisioned public resolvers with warm caches, and reuse one persistent HTTP/2 connection for many queries, resolution latency is often comparable to or better than plain DNS once the connection is established. The first query on a cold connection pays for the TLS handshake and is slower.
Cons
It bypasses DNS filtering on your network. A browser that resolves through a public DoH server never asks your local resolver, so domain blocklists, RPZ feeds, parental controls and the DNS logs you rely on for insight into network activity no longer apply to that traffic.
It splits name resolution between the browser and the rest of the system. The browser's DoH queries go to one recursive resolver while the operating system and other applications use the resolver from your network settings, so the same name can resolve differently in the browser than elsewhere on the machine. Internal-only names and split-horizon zones served by the local resolver are a common casualty.
It reduces defenders' visibility. Organizations that use DNS monitoring for security lose the query name, type, response and originating IP they use to spot malware beaconing, DNS tunnelling and other bad actors, unless the DoH traffic is decrypted or steered back to a resolver they control.
There is a major change coming to web browsers everywhere, and it is going to fundamentally change how network monitoring works. DNS over HTTPS, or DoH, encrypts DNS traffic so that it is invisible to third-party observers on the network. It is already available in every major browser and is or soon will be turned on by default in many of them, including Google Chrome, Mozilla Firefox and Microsoft Edge. Chrome and Edge currently auto-upgrade to DoH only when the system's configured resolver is on their list of providers that offer a DoH endpoint, while Firefox enables it by default for users in selected regions unless the network signals otherwise. Check out the link below to enable or disable DoH in Microsoft Edge.
How to Enable or Disable DNS over HTTPS (DoH) in Microsoft Edge | Tutorials (tenforums.com)
How to Get Visibility into Encrypted DNS?
In order to maintain your visibility into DNS traffic, you need a decryption solution that works on DoH. You may or may not be using decryption today, but the increasing prevalence of DoH traffic will mean that without this capability, you will be in the dark. One such product is Gigamon GigaSmart SSL/TLS Decryption. Decryption is not the only lever, though: you can steer browsers back to a resolver you control. Firefox checks the canary domain use-application-dns.net and leaves its default DoH off when the local resolver returns NXDOMAIN for it; Chrome, Edge and Firefox all honor enterprise policies that set or disable the DoH resolver; and blocking or alerting on connections to known public DoH endpoints catches clients that ignore both.
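Before decryption is in place, you can at least detect DoH use from connection metadata. The following is an added example, not code from the original page or from Gigamon: it runs two checks over constructed Zeek-style TLS and DNS connection records. The first flags TLS sessions whose SNI names a known public DoH resolver; the second flags hosts that open HTTPS connections but never query the corporate resolver on port 53, which is the tell-tale sign of DoH to an endpoint that is not on any list. The resolver address 10.0.0.53, the hostname list, the threshold and the log lines are all assumptions made for the example.

```python
from collections import defaultdict

# Added example, not from the original page. Logs, resolver address,
# hostname list and threshold are constructed assumptions.

# A handful of public DoH endpoints, for illustration only; production
# detection needs a maintained list because new resolvers appear constantly.
KNOWN_DOH_SNI = {
    "dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com",
    "dns.quad9.net", "doh.opendns.com",
}

INTERNAL_RESOLVER = "10.0.0.53"  # assumed corporate resolver

# Constructed sample records (not real captures): (ts, src, dst, dst_port, sni)
TLS_LOG = [
    ("1620550000.1", "10.0.1.10", "8.8.8.8", 443, "dns.google"),
    ("1620550001.2", "10.0.1.10", "93.184.216.34", 443, "www.example.com"),
    ("1620550002.3", "10.0.1.11", "93.184.216.34", 443, "www.example.com"),
    ("1620550003.4", "10.0.1.12", "203.0.113.9", 443, "resolver.example.net"),
    ("1620550004.5", "10.0.1.12", "203.0.113.9", 443, "resolver.example.net"),
    ("1620550005.6", "10.0.1.12", "198.51.100.7", 443, "cdn.example.org"),
]
# Plaintext DNS seen on port 53: (ts, src, dst, query)
DNS_LOG = [
    ("1620550001.0", "10.0.1.11", "10.0.0.53", "www.example.com"),
]


def known_doh_connections(tls_log, known=KNOWN_DOH_SNI):
    """(src, sni) pairs for TLS sessions whose SNI is a known public DoH resolver."""
    return [(src, sni) for _, src, _, port, sni in tls_log
            if port == 443 and sni in known]


def silent_hosts(tls_log, dns_log, resolver=INTERNAL_RESOLVER, min_tls=2):
    """Hosts with at least min_tls TLS connections and no plaintext DNS to the
    corporate resolver. Browsing without asking the internal resolver means
    names are being resolved somewhere else: DoH to an unlisted endpoint, or a
    misconfigured client. Either way it deserves a look."""
    tls_count = defaultdict(int)
    for _, src, *_ in tls_log:
        tls_count[src] += 1
    uses_resolver = {src for _, src, dst, _ in dns_log if dst == resolver}
    return sorted(h for h, n in tls_count.items()
                  if n >= min_tls and h not in uses_resolver)


def doh_report(tls_log, dns_log):
    """Combine both signals into {host: [reasons]}."""
    report = defaultdict(set)
    for src, sni in known_doh_connections(tls_log):
        report[src].add(f"known-doh:{sni}")
    for host in silent_hosts(tls_log, dns_log):
        report[host].add("no-internal-dns")
    return {h: sorted(r) for h, r in report.items()}


if __name__ == "__main__":
    for host, reasons in doh_report(TLS_LOG, DNS_LOG).items():
        print(host, reasons)
```

On the sample data 10.0.1.10 is caught by the SNI match, 10.0.1.12 only by the second heuristic because resolver.example.net is not on the list, and 10.0.1.11, which still uses the internal resolver, is not reported. The SNI check goes blind if the client uses Encrypted Client Hello or connects by IP, so the absence-of-port-53 heuristic is the more durable of the two; tune min_tls to the normal behaviour of your hosts before alerting on it.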
Sources: Gigamon, ISC2 BrightTALK.
Watch out for our next Blog on DoT (DNS over TLS)