katycomputersystems

DNS Queries over HTTPS (DoH)


What impact will DNS Queries over HTTPS (DoH) have on End Point Security?

Currently, you protect our endpoints from malicious sites; when DoH becomes the norm, browsers will bypass the OS, essentially providing DNS lookups on their own.


If it becomes a popular standard, we should support it. I'd say it's too early now to speculate about it, and we'll tell more in due course.


I am using the DoH option in Firefox Quantum ver. 68 via default use of Cloudflare DNS servers. No issues to date using EIS ver. 12.1.34 running on Win 10 x64 1809.

As best as I can determine via testing and Eset alerts, Eset's SSL/TLS filtering protection is fully functional with Firefox DoH use. In reality, Eset doesn't monitor UDP port 53 DNS activity other than what is provided by default firewall rules. Therefore, DoH using HTTPS is more secure.

-EDIT- To further clarify, the Windows DNS service only performs DNS resolution to existing cached DNS resolved entries. Actual initial DNS resolution is performed from the router via ISP lookup or, alternatively, via third-party DNS servers specified in the network adapter IPv4/IPv6 settings. The Windows DNS cache is then updated from this resolution.

Note that Windows DNS cache poisoning attacks have been an ongoing issue: https://www.howtogeek.com/161808/htg-explains-what-is-dns-cache-poisoning/ . Note that Eset's IDS protection should be able to detect a DNS poisoning attack.

-EDIT- In regards to DoH specifically, it is no longer "bulletproof." The first malware against it was just recently discovered: https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/ . Luckily, Eset also detects this one.

Edited by itman

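The two points raised above, that a DoH-enabled browser resolves names on its own instead of through the OS, and that a product watching only UDP port 53 therefore never sees the query, are easiest to appreciate by looking at what a DoH lookup actually is on the wire. The script below is an added example written for this page, not code from any of the posters or from ESET or Mozilla: it builds an RFC 8484 DNS query, forms the GET URL a browser would fetch (Firefox's default Cloudflare trusted-recursive-resolver endpoint is used as the URL), and parses a constructed wire-format answer of the kind that comes back in the HTTPS body. The name example.test, the address 192.0.2.10 and the SERVFAIL message are constructed test data, and nothing is sent over the network.

```python
"""Added example: an RFC 8484 DNS-over-HTTPS query and answer, offline.

Everything here is constructed so it runs without network access. The only
real-world identifier is Firefox's default DoH endpoint URL; the hostname
and addresses in the sample data are made up for the example."""
import base64
import struct

# Firefox's default trusted recursive resolver (TRR) endpoint.
DOH_ENDPOINT = "https://mozilla.cloudflare-dns.com/dns-query"


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Build a DNS wire-format query (default QTYPE A, class IN).

    RFC 8484 recommends ID 0 so the GET URL is cacheable; the HTTPS
    transport, not the transaction ID, protects the exchange."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(wire: bytes) -> str:
    """RFC 8484 GET form: ?dns=<base64url of the wire message, padding removed>.

    This URL is fetched over TLS on TCP/443, so a monitor hooked on UDP/53
    never sees the question name."""
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{DOH_ENDPOINT}?dns={b64}"


def rcode(msg: bytes) -> int:
    """Return the RCODE (low 4 bits of the flags word) of a DNS message."""
    return struct.unpack("!H", msg[2:4])[0] & 0x000F


def parse_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels, jumped, end = [], False, off
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # two-byte compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if ln == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln


def parse_a_records(msg: bytes):
    """Return [(name, ttl, dotted_ipv4)] for A records in the answer section.

    A non-zero RCODE (SERVFAIL, NXDOMAIN, ...) is the failure mode a DoH
    client must handle before it trusts the body; it is raised here."""
    if rcode(msg) != 0:
        raise ValueError(f"resolver returned RCODE {rcode(msg)}")
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the question section
        _, off = parse_name(msg, off)
        off += 4
    out = []
    for _ in range(an):
        name, off = parse_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            out.append((name, ttl, ".".join(str(b) for b in rdata)))
    return out


# Constructed answer as it would arrive in the HTTPS response body
# (Content-Type: application/dns-message): ID 0, flags QR|RD|RA, one A record
# whose owner name is a compression pointer back to the question.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("example.test") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
)

# Constructed SERVFAIL (RCODE 2) with no answers.
SAMPLE_SERVFAIL = (
    struct.pack("!HHHHHH", 0, 0x8182, 1, 0, 0, 0)
    + encode_name("example.test") + struct.pack("!HH", 1, 1)
)

if __name__ == "__main__":
    query = build_query("example.test")
    print(doh_get_url(query))
    print(parse_a_records(SAMPLE_RESPONSE))
```

Against a live resolver the same URL would be fetched with an `Accept: application/dns-message` header, and the body parsed exactly as above. On a managed endpoint where the security product needs to see lookups, Mozilla's documented controls are the `DNSOverHTTPS` enterprise policy in policies.json (Enabled false, Locked true) and answering NXDOMAIN for the canary domain use-application-dns.net from the network's resolver, both of which keep Firefox on the OS resolver.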

The current pressing issue in regards to DNS is DNS hijacking, against which DoH is only marginally effective: https://www.bleepingcomputer.com/news/security/ncsc-issues-alert-about-active-dns-hijacking-attacks/ . Immediate due diligence needs to be performed to ensure routers/gateways are properly secured.
