NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks | SC Media
Architecture, Network security

NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks

January 15, 2021
NSA advises security pros to use designated enterprise DNS resolvers to lock down DoH on corporate networks. @mjb CreativeCommons (Credit: CC BY-NC-ND 2.0)
  • Only use the enterprise DNS resolver and disable all others.
  • Block unauthorized DoH resolvers and traffic.
  • Tap [[or rely on]] host and device DNS logs.
  • Consider a VPN for additional privacy protection.
  • Validate DNSSEC and use protective DNS capabilities.
prestitial ad