Improve Privacy and Security

Enforce and ensure the integrity and authenticity of DNS data

TCPWAVE

Encrypt the traffic between your browser and your DNS resolver with DoH

TCPWave, a leading DNS solution provider, has added support for DNS over HTTPS (DoH) to enhance privacy protection for its users. Traditional DNS design had limited security features, and while DNSSEC improved some aspects, it still had limitations, such as a lack of traffic encryption and a resource-intensive validation process.

Navigating the New IETF Standards

To address these issues, the IETF introduced new standards, including DNS over HTTPS (DoH) in RFC 8484. DoH encrypts communication between DNS clients and servers and operates over HTTPS, providing increased privacy. However, it is not meant for server-to-server communication. While DoH offers benefits like encryption and HTTPS utilization, it also raises concerns about privacy, HTTPS dependency, and unique DNS settings in corporate environments.

Mitigating Security Risks in Corporate Networks

Malicious DoH clients within a corporate network can create security risks, as IT teams lose visibility into DNS queries made by web browsers over HTTPS. Because DoH operates at the application layer, browser traffic can bypass enterprise DNS controls, potentially hampering the support team's ability to maintain network performance, security, scale, and reliability. To address these issues, TCPWave threat intelligence uses machine learning and artificial intelligence to detect data exfiltration.
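As an added example (not TCPWave's code), the Python sketch below shows the RFC 8484 GET encoding and how a defender whose proxy logs contain decrypted request URLs can decode the `dns` parameter to recover the queried name. The resolver URL `https://doh.example.net/dns-query` and all function names are assumptions made for illustration.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

def build_query(name, qtype=1):
    """Build a minimal DNS query in wire format (ID 0, as RFC 8484 recommends)."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(resolver_url, wire):
    """Encode the query as the base64url 'dns' parameter with padding stripped."""
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={b64}"

def decode_doh_url(url):
    """Recover (qname, qtype) from a logged DoH GET URL; None if not a DoH query."""
    params = parse_qs(urlsplit(url).query)
    if "dns" not in params:
        return None
    b64 = params["dns"][0]
    try:
        wire = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
        if struct.unpack("!H", wire[4:6])[0] < 1:  # QDCOUNT must be at least 1
            return None
        labels, pos = [], 12  # question section starts after the 12-byte header
        while wire[pos] != 0:
            length = wire[pos]
            if length > 63:  # not a plain label; reject rather than guess
                return None
            labels.append(wire[pos + 1:pos + 1 + length].decode("ascii", "replace"))
            pos += 1 + length
        qtype = struct.unpack("!H", wire[pos + 1:pos + 3])[0]
    except (ValueError, IndexError, struct.error):  # bad base64 or truncated message
        return None
    return ".".join(labels), qtype

if __name__ == "__main__":
    # Constructed sample: a DoH request URL as it might appear in a proxy log.
    logged = doh_get_url("https://doh.example.net/dns-query",
                         build_query("www.example.com"))
    print(logged)
    print(decode_doh_url(logged))
```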

Major DNS service providers like Google DNS, Cloudflare, and Quad9 have incorporated DoH into their public offerings. Using a DoH-enabled web browser provides an additional layer of security between users and service providers. Nevertheless, communication between the service provider and the rest of the internet might still be unsecured. By supporting DNS over HTTPS (DoH), TCPWave aims to provide users with enhanced security and privacy in DNS communication, ultimately promoting a safer internet for communication and data exchange.