US National Security Agency (NSA) says companies should avoid using third party DNS resolvers to block threat actors’ DNS traffic eavesdropping and manipulation attempts. NSA’s recommendation was made in a new advisory on the benefits (and risks) of using DNS over HTTPS (DoH) in enterprise environments. DoH allows DNS resolution requests over encrypted HTTPS connections, while DoT will wrap all DNS queries using the Transport Layer Security (TLS) protocol instead of using insecure plain text DNS lookups. NSA urges enterprise network administrators to disable and block all other DNS services besides their organizations’ dedicated ones.
Source: https://www.bleepingcomputer.com/news/security/nsa-advises-companies-to-avoid-third-party-dns-resolvers/