NCSC publishes fact sheet "DNS monitoring gets harder". New DNS transport protocols (DoH, DoT) make it more difficult to monitor or modify DNS requests. This is valuable, because networks often cannot be trusted. At the same time, it can render existing security measures ineffective, reveal internal naming or interrupt connectivity. These negative side effects can hardly be mitigated at the network level; they require mitigation in the DNS infrastructure and on individual devices.

Encrypted transport methods for DNS (DoT, DoH) are becoming more popular. More and more software no longer uses system-level DNS resolution. Your organization may have unknowingly delegated responsibility for DNS resolution to a third party. This may result in security measures becoming ineffective, internal name resolution being revealed or connectivity being interrupted.
The NCSC has the following advice for organizations:
Designate preferred (DNS) resolvers;
Configure these preferred resolvers on all devices under management;
Take note of the improvements available in modern DNS transport methods.
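The two practical steps above, designating preferred resolvers and checking that managed devices actually use them, and the observation that software increasingly bypasses system DNS, can both be turned into routine checks. The following is an added example written for this summary; it is not code from the NCSC or its fact sheet. The preferred resolver addresses, the resolv.conf text and the proxy log lines are all constructed placeholders (documentation IP ranges and example.* hostnames); an organisation would substitute its own resolvers and feed in real configuration and log data.

```python
"""Audit configured DNS resolvers against a preferred set, and flag
DNS-over-HTTPS (RFC 8484) style requests in web proxy logs.

Added example, not part of the NCSC news item or fact sheet. All addresses,
hostnames and log lines below are constructed placeholders.
"""
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Placeholder preferred resolvers (documentation ranges); substitute your own.
PREFERRED_RESOLVERS = {"192.0.2.53", "2001:db8::53"}


def parse_resolv_conf(text: str) -> list[str]:
    """Return the nameserver addresses from resolv.conf-style text, in order.

    Comments (# or ;) are stripped; lines that are not valid IP addresses
    are skipped, which matches how resolvers treat them.
    """
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue
    return servers


def audit_resolvers(configured: list[str], preferred: set[str] = PREFERRED_RESOLVERS) -> dict:
    """Compare a device's configured resolvers with the organisation's preferred set.

    'unexpected' lists resolvers that are not preferred (resolution delegated
    elsewhere); 'missing' lists preferred resolvers the device does not use.
    A device is compliant when it has at least one resolver and none are unexpected.
    """
    unexpected = [s for s in configured if s not in preferred]
    missing = sorted(preferred - set(configured))
    return {
        "unexpected": unexpected,
        "missing": missing,
        "compliant": bool(configured) and not unexpected,
    }


# Constructed proxy log: timestamp, client, method, URL, status, response content type.
CONSTRUCTED_PROXY_LOG = """\
2024-05-01T10:00:00Z 10.0.0.5 GET https://www.example.com/ 200 text/html
2024-05-01T10:00:01Z 10.0.0.5 POST https://doh.example.net/dns-query 200 application/dns-message
2024-05-01T10:00:02Z 10.0.0.7 GET https://doh.example.net/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB 200 application/dns-message
2024-05-01T10:00:03Z 10.0.0.9 GET https://cdn.example.org/app.js 200 application/javascript
"""


def is_doh_request(url: str, content_type: str) -> bool:
    """Heuristic for RFC 8484 DoH: the application/dns-message media type,
    the conventional /dns-query path, or a GET carrying a 'dns' query parameter."""
    parts = urlsplit(url)
    if content_type.split(";", 1)[0].strip() == "application/dns-message":
        return True
    if parts.path.endswith("/dns-query"):
        return True
    return "dns" in parse_qs(parts.query)


def find_doh_requests(log_text: str) -> list[dict]:
    """Return the client and destination host of each DoH-looking request in the log."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # malformed line: skip rather than guess
        _ts, client, _method, url, _status, ctype = fields
        if is_doh_request(url, ctype):
            hits.append({"client": client, "host": urlsplit(url).hostname})
    return hits


if __name__ == "__main__":
    sample_conf = "nameserver 192.0.2.53\nnameserver 198.51.100.1  # added by a local app\n"
    print(audit_resolvers(parse_resolv_conf(sample_conf)))
    print(find_doh_requests(CONSTRUCTED_PROXY_LOG))
```

The DoH heuristic is deliberately transport-level: it only recognises the RFC 8484 conventions that are visible to a proxy, so a client using a non-standard path and no `dns` parameter would not be flagged. That limitation is the point the fact sheet makes: once resolution moves into the application, the reliable place to enforce a resolver choice is the device configuration, which is what the audit half of the script checks.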
Additional details and an action perspective are available in the fact sheet "DNS monitoring is getting harder".
