DNS Security Roundtable: DNS-over-HTTPS Discussion

Join the Security Field Day delegates and a special guest from EfficientIP as they discuss the latest security protocol to attempt to secure DNS, DNS-over-HTTPS. Does it help? Or is it more trouble than it’s worth?

In this roundtable discussion, the panel delves into the complexities and implications of DNS-over-HTTPS (DoH) as a security measure for DNS traffic. While DoH aims to secure DNS queries by encrypting them over HTTPS, it presents significant challenges, particularly for enterprise environments. The panelists highlight that DoH can disrupt existing cybersecurity tools and practices, such as packet inspection and DNS filtering, which are crucial for maintaining network security and preventing access to malicious sites. They also discuss the potential performance issues and the centralization of DNS traffic, which could make it easier for entities like Google or Cloudflare to collect and analyze user data. The conversation touches on the need for enterprises to manage and possibly disable DoH to maintain control over their DNS traffic, while also considering alternatives like DNS-over-TLS (DoT). The discussion underscores the importance of having a trusted resolver infrastructure and the complexities of implementing such protocols in both corporate and home environments. The panel concludes by contemplating the need for best practices and standards to guide the secure implementation of these new protocols, balancing the benefits of encryption with the practical needs of network management and security.