NSA Recommends Using Only ‘Designated’ DNS Resolvers
The National Security Agency recommended that enterprises use only their designated DNS resolver for DNS traffic and avoid third-party resolvers. Domain Name System (DNS) technology, including DNS over HTTPS (DoH), can be abused by attackers. According to the NSA, the safest route is for companies to use only their designated DNS server, and all other resolvers should be disabled and blocked.
DNS, the system that converts domain names into IP addresses on the internet, has grown in popularity as an attack vector. Enterprise DNS controls can prevent numerous threats used by cyber threat actors for access to, command and control of, and exfiltration from servers.
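
One way to check that the "designated resolver only" policy is holding is to scan egress flow records for DNS, DNS over TLS, or DoH traffic going anywhere else. The sketch below is an added example, not code from the NSA guidance; the designated resolver address, the short list of public DoH endpoints, and the flow-record format are all assumptions made for illustration.

```python
import ipaddress

# Assumed for illustration: the enterprise's designated resolver, and a short
# sample of public resolver addresses that also answer DoH on TCP 443.
DESIGNATED = {ipaddress.ip_address("10.0.0.53")}
KNOWN_DOH = {ipaddress.ip_address(a) for a in ("1.1.1.1", "8.8.8.8", "9.9.9.9")}
DNS_PORTS = {53: "DNS", 853: "DoT"}

# Constructed flow records in a hypothetical "src dst proto dport" format.
SAMPLE_FLOWS = """\
10.1.2.10 10.0.0.53 udp 53
10.1.2.11 8.8.8.8 udp 53
10.1.2.12 1.1.1.1 tcp 443
10.1.2.13 9.9.9.9 tcp 853
10.1.2.14 93.184.216.34 tcp 443
10.0.0.53 8.8.8.8 udp 53
malformed line
"""

def classify(line):
    """Return (src, dst, reason) if the flow bypasses the designated resolver."""
    parts = line.split()
    if len(parts) != 4:
        return None  # skip records that do not match the assumed format
    try:
        src = ipaddress.ip_address(parts[0])
        dst = ipaddress.ip_address(parts[1])
        dport = int(parts[3])
    except ValueError:
        return None
    # Clients talking to the designated resolver, and that resolver's own
    # upstream lookups, are the only DNS paths the policy allows.
    if src in DESIGNATED or dst in DESIGNATED:
        return None
    if dport in DNS_PORTS:
        return (str(src), str(dst), f"{DNS_PORTS[dport]} to non-designated resolver")
    if dport == 443 and dst in KNOWN_DOH:
        return (str(src), str(dst), "HTTPS to known DoH endpoint")
    return None

def find_violations(text):
    """Classify every flow line and keep only the policy violations."""
    return [v for v in map(classify, text.splitlines()) if v]

if __name__ == "__main__":
    for src, dst, reason in find_violations(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {reason}")
```

An address list only catches DoH endpoints that are already known, which is why the recommendation pairs detection with blocking all other resolvers at the network edge.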