Jump to content

DNS Queries over HTTPS (DoH)


Recommended Posts

What impact will DNS Queries over HTTPS (DoH) have on End Point Security?

Currently, you protect our endpoints from malicious sites, when DoH becomes the norm, browsers will bypass the OS. essentially providing DNS lookups on their own.

Link to comment
Share on other sites

  • Administrators

If it becomes a popular standard, we should support it. I'd say it's too early now to speculate about it and we'd tell more in due course.

Link to comment
Share on other sites

I am using DoH  option in FireFox Quantum ver. 68 via default use of Clouldflare DNS servers. No issues to date using EIS ver. 12.1.34 running on Win 10 x(64) 1809.

As best as I can determine via testing and Eset alerts, Eset's SSL/TLS filtering protection is fully functional with Firefox DoH use. In reality, Eset doesn't monitor UDP port 53 DNS activity other than what is provided by default firewall rules. Therefore, DoH using HTTPS is more secure.

-EDIT- To further clarify, Windows DNS service only performs DNS resolution to existing cached DNS resolved entries. Actual initial DNS resolution is performed from the router via ISP lookup or alternatively, via third party DNS servers specified in network adapter IPv4/IPv6 settings. The Windows DNS cache is then updated from this resolution.

Note that Windows DNS cache poisoning attacks have been an ongoing issue: https://www.howtogeek.com/161808/htg-explains-what-is-dns-cache-poisoning/ . Note that Eset's IDS protection should be able to detect a DNS poisoning attack.

-EDIT- In regards to DoH specifically, it is no longer "bullet proof." The first malware against it was just recently discovered; https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/ . Luckily, Eset also detects this one.

Edited by itman
Link to comment
Share on other sites

The current pressing issue is regards to DNS is DNS hijacking of which DoH is only marginally effective against: https://www.bleepingcomputer.com/news/security/ncsc-issues-alert-about-active-dns-hijacking-attacks/ . Immediate due diligence needs to be performed to ensure routers/gateways are properly secured.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...