CyberNews Briefs

NSA Recommends Smart Use of DNS Resolvers

From Dark Reading:

The National Security Agency recommended that enterprises use only their designated DNS resolver for DNS traffic and avoid third-party resolvers. DNS over HTTPS (DoH), a Domain Name System technology, can be abused by attackers. According to the NSA, the safest route is for companies to use only their designated DNS server, with all other resolvers disabled and blocked.

DNS, the system that converts domain names into IP addresses on the internet, has grown in popularity as an attack vector. Enterprise DNS controls can prevent numerous threats used by cyber threat actors for access to, command and control of, and exfiltration from servers.
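One way to check whether the "designated resolver only" rule is holding is to audit egress flow records for DNS traffic that bypasses it. The sketch below is an added example, not code from the NSA, Dark Reading, or OODA; the resolver addresses, the internal network range, the flow-record format, and the short list of public resolver IPs are all assumptions, and the sample flows are constructed.

```python
import ipaddress

# Assumptions (not from the article): designated resolvers, internal range,
# and a short illustrative list of public resolvers that also answer DoH on 443.
DESIGNATED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
PUBLIC_RESOLVERS = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}
DNS_PORTS = {53, 853}  # classic DNS and DNS over TLS

# Constructed sample flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
10.1.4.20 10.0.0.53 udp 53
10.1.4.21 8.8.8.8 udp 53
10.1.4.22 1.1.1.1 tcp 443
10.1.4.23 93.184.216.34 tcp 443
10.0.0.53 9.9.9.9 udp 53
10.1.4.24 9.9.9.9 tcp 853
not-a-flow-record
"""

def classify(src, dst, dport):
    """Return a finding label if an internal client bypasses the designated resolver."""
    if src in DESIGNATED_RESOLVERS:
        return None  # the resolver itself may query upstream servers
    if ipaddress.ip_address(src) not in INTERNAL_NET:
        return None  # only internal clients are in scope
    if dport in DNS_PORTS and dst not in DESIGNATED_RESOLVERS:
        return "dns-to-undesignated-resolver"
    if dport == 443 and dst in PUBLIC_RESOLVERS:
        return "possible-doh-to-public-resolver"
    return None

def audit(flow_text):
    """Parse flow lines and return (src, dst, dport, finding) for each violation."""
    findings = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records
        src, dst, dport = parts[0], parts[1], int(parts[3])
        try:
            reason = classify(src, dst, dport)
        except ValueError:
            continue  # source field is not an IP address
        if reason:
            findings.append((src, dst, dport, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

An IP list only catches DoH to resolvers already on it, so this audit complements the blocking the NSA recommends and does not replace it.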

Read more on what Dark Reading thinks here at: NSA Recommends Using Only ‘Designated’ DNS Resolvers

We have been tracking the smart use of DNS configuration and managed DNS services for decades and keep our own lists of recommended services. We like this NSA study but would mention that their methodology, as they explain themselves, was to look only at firms that are contracting with the Federal Government. For small to mid-sized businesses, local/state-level governments, and home use, we actually recommend a different DNS resolver: Quad9. Read more at: This one little configuration change will make it harder for people to steal your information.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.