https://community.isc2.org/t5/Threats/NSA-Guidance-on-Implementing-Encrypted-DNS/m-p/42592#M236 <P>Beware of third-party DNS resolvers.&nbsp;</P><P>&nbsp;</P><P><SPAN>DoH provides the benefit of encrypted DNS transactions, but it can also bring issues to enterprises, including a false sense of security, bypassing of DNS monitoring and protections, concerns for internal network configurations and information, and exploitation of upstream DNS traffic, NSA officials wrote in&nbsp;</SPAN><A href="https://media.defense.gov/2021/Jan/14/2002564889/-1/-1/0/CSI_ADOPTING_ENCRYPTED_DNS_U_OO_102904_21.PDF" target="_blank" rel="noopener">published recommendations</A><SPAN>.&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="NSA recommended enterprise DNS architecture with DoH" style="width: 400px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/5141i93405E2820BDB330/image-size/medium?v=v2&amp;px=400" role="button" title="DoH.PNG" alt="NSA recommended enterprise DNS architecture with DoH" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">NSA recommended enterprise DNS architecture with DoH</span></span></SPAN></P><P>&nbsp;</P> Mon, 09 Oct 2023 09:46:24 GMT AppDefects 2023-10-09T09:46:24Z https://community.isc2.org/t5/Threats/NSA-Guidance-on-Implementing-Encrypted-DNS/m-p/42592#M236 <P>Beware of third-party DNS resolvers.&nbsp;</P><P>&nbsp;</P><P><SPAN>DoH provides the benefit of encrypted DNS transactions, but it can also bring issues to enterprises, including a false sense of security, bypassing of DNS monitoring and protections, concerns for internal network configurations and information, and exploitation of upstream DNS traffic, NSA officials wrote in&nbsp;</SPAN><A href="https://media.defense.gov/2021/Jan/14/2002564889/-1/-1/0/CSI_ADOPTING_ENCRYPTED_DNS_U_OO_102904_21.PDF" target="_blank" rel="noopener">published recommendations</A><SPAN>.&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="NSA recommended enterprise DNS architecture with DoH" style="width: 400px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/5141i93405E2820BDB330/image-size/medium?v=v2&amp;px=400" role="button" title="DoH.PNG" alt="NSA recommended enterprise DNS architecture with DoH" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">NSA recommended enterprise DNS architecture with DoH</span></span></SPAN></P><P>&nbsp;</P> Mon, 09 Oct 2023 09:46:24 GMT https://community.isc2.org/t5/Threats/NSA-Guidance-on-Implementing-Encrypted-DNS/m-p/42592#M236 AppDefects 2023-10-09T09:46:24Z