Enforce and ensure the integrity and authenticity of DNS data
TCPWave, a leading DNS solution provider, has added support for DNS over HTTPS (DoH) to enhance privacy protection for its users. Traditional DNS design had limited security features, and while DNSSEC improved some aspects, it still had limitations, such as a lack of traffic encryption and a resource-intensive validation process.
To address these issues, the IETF introduced new standards, including DNS over HTTPS (DoH) in RFC8484. DoH encrypts communication between DNS clients and servers and operates over HTTPS, providing increased privacy. However, it is not meant for server-to-server communication. While DoH offers benefits like encryption and HTTPS utilization, it also raises concerns about privacy, HTTPS dependency, and unique DNS settings in corporate environments.
Malicious DoH clients within a corporate network can create security risks, as IT teams lose visibility into DNS queries made by web browsers over HTTPS. One drawback of DoH's application layer operation is that browser traffic could bypass enterprise DNS controls, potentially hampering the support team's ability to maintain network performance, security, scale, and reliability. To address these issues, TCPWave threat intelligence uses machine learning and artificial intelligence to detect data exfiltration.
Major DNS service providers like Google DNS, CloudFlare, and Quad9 have incorporated DoH into their public offerings. Using a DoH-enabled web browser provides an additional layer of security between users and service providers. Nevertheless, communication between the service provider and the rest of the internet might still be unsecured. By supporting DNS over HTTPS (DoH), TCPWave aims to provide users with enhanced security and privacy in DNS communication, ultimately promoting a safer internet for communication and data exchange.
