US agencies are advised to disable third-party DNS services with DNS over HTTPS (DoH) and DNS over TLS (DoT) support. DoH carries DNS resolution requests over encrypted HTTPS connections, while DoT encrypts and wraps all DNS queries in the Transport Layer Security (TLS) protocol instead of using insecure plaintext DNS lookups. The Cybersecurity and Infrastructure Security Agency (CISA) encourages vendors’ current efforts to make network traffic encryption the default choice for users. Microsoft has already rolled out DNS-over-HTTPS by default to Firefox users in the U.S. starting February 25, 2020.
Source: https://www.bleepingcomputer.com/news/security/us-govt-agencies-to-disable-doh-until-federal-service-is-ready/

