Archiv: DoH (DNS over HTTPS)


24.03.2021 - 16:22 [ SecurityMagazine.com ]

Disappearing DNS: DoT and DoH, Where one Letter Makes a Great Difference

(February 6, 2020)

While both offer encryption of DNS data using the same TLS protocol, there are some very important differences:

– Protocol layering: while DoT is essentially DNS over TLS, DoH is in fact DNS over HTTP over TLS.
– Different port numbers: DoT traffic uses a dedicated port 853, and can thus be distinguished at the network layer. DoH uses port 443 (HTTPS) due to the protocol layering.
– Different capabilities: DoT is largely the same DNS as we know it, while DoH to an extent combines features of DNS and HTTP.

24.03.2021 - 15:19 [ HelpNetSecurity.com ]

TLS 1.3: Slow adoption of stronger web encryption is empowering the bad guys

(April 6, 2020)

Asymmetric encryption is used during the “handshake”, which takes place prior to any data being sent. The handshake determines which cipher suite to use for the session – in other words, the symmetric encryption type – so that both browser and server agree. The TLS 1.2 protocol took multiple round trips between client and server, while TLS 1.3 is a much smoother process that requires only one trip. This latency saving shaves milliseconds off each connection.

Another characteristic of TLS 1.3 is that it can operate alongside DNS over HTTPS (DoH).

18.01.2021 - 15:47 [ securitymagazine.com ]

Disappearing DNS: DoT and DoH, Where one Letter Makes a Great Difference

(06.02.2020)

Obviously, time will tell if DoT continues to prevail or whether DoH will start to gain ground. As mentioned at the beginning of the article there is a hot debate going on right now about the direction the Internet industry should take. Suffice to say that even nation state authorities are involved in the debate, which speaks to the level and importance of the discussion.

18.01.2021 - 15:41 [ ZDNET.com ]

NSA warns against using DoH inside enterprise networks

The NSA urges companies to host their own DoH resolvers and avoid sending DNS traffic to third-parties.

18.01.2021 - 15:40 [ National Security Agency / Pentagon ]

Adopting Encrypted DNS in Enterprise Environments

Use of the Internet relies on translating domain names (like “nsa.gov”) to Internet Protocoladdresses. This is the job of the Domain Name System (DNS). In the past, DNS lookups were generally unencrypted, since they have to be handled by the network to direct traffic to the right locations. DNSover Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by using HTTPS to provide privacy, integrity, and “last mile” source authenticationwith a client’s DNS resolver. Itis useful to prevent eavesdropping and manipulationof DNStraffic.While DoH can help protectthe privacy of DNS requests and the integrity of responses, enterprises that use DoH will lose some of the control needed to govern DNS usage within their networksunless they allow only their chosen DoH resolver to be used.Enterprise DNS controlscan prevent numerous threat techniques used by cyber threat actors for initial access, command and control, and exfiltration.

27.11.2020 - 16:36 [ ZDNetcom ]

DNS-over-HTTPS causes more problems than it solves, experts say

(06.09.2020)

The response to DoH’s anointment as a major privacy-preserving solution has been downright acid, in some cases. Critics have taken a jab at the protocol on different plains, which we’ll try to organize and categorize below:

– DoH doesn’t actually prevent ISPs user tracking
– DoH creates havoc in the enterprise sector
– DoH weakens cyber-security
– DoH helps criminals
– DoH shouldn’t be recommended to dissidents
– DoH centralizes DNS traffic at a few DoH resolvers

27.11.2020 - 16:35 [ ZDNet.com ]

Mozilla enables DOH by default for all Firefox users in the US

(25.02.2020)

Circa 2015, engineers at Cloudflare and Mozilla joined forces to create DNS-over-HTTPS, as a way to hide DNS queries using encryption.

27.11.2020 - 16:28 [ securitymagazine.com ]

Disappearing DNS: DoT and DoH, Where one Letter Makes a Great Difference

(06.02.2020)

Obviously, time will tell if DoT continues to prevail or whether DoH will start to gain ground. As mentioned at the beginning of the article there is a hot debate going on right now about the direction the Internet industry should take. Suffice to say that even nation state authorities are involved in the debate, which speaks to the level and importance of the discussion.

12.11.2019 - 16:59 [ Techdirt ]

Mozilla: ISPs Are Lying About Encrypted DNS, Should Have Privacy Practices Investigated

The effort would effectively let Chrome and Mozilla users opt in to DNS encryption — making your browser data more secure from spying and monetization — assuming your DNS provider supports it. Needless to day, telecom giants that have made billions of dollars monetizing your every online behavior for decades now (and routinely lying about it) don’t much like that.

As a result, Comcast, AT&T, and others have been trying to demonize the Google and Mozilla efforts any way they can,

01.06.2019 - 14:29 [ Paul Vixie ‏/ Twitter ]

DoH is an over the top bypass of enterprise and other private networks. But DNS is part of the control plane, and network operators must be able to monitor and filter it. Use DoT, never DoH.

(20.10.2018)