, Network security
NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks
- Only use the enterprise DNS resolver and disable all others.
- Block unauthorized DoH resolvers and traffic.
- Tap [[or rely on]] host and device DNS logs.
- Consider a VPN for additional privacy protection.
- Validate DNSSEC and use protective DNS capabilities.