Enabling DNS over HTTPS (DoH) with Thunder CFW

Encryption is the foundation for securing data on the internet. Encrypted HTTP (HTTPS) has one of the largest shares of traffic on the internet today and is now the de facto standard.

Domain Name Server (DNS) traffic, however, has been a clear-pass unencrypted channel on the internet. DNS, defined in the simplest terms, is used to resolve the address of an application on the internet. When the DNS traffic is unencrypted, it is vulnerable to manipulation and privacy exploitation via eavesdropping. Imagine driving an autonomous car and all your neighbors have visibility into and control over your destination.

What is DNS Over HTTPS?

DNS over HTTPS (DoH) enables additional layers of security for DNS traffic. It uses widely adopted technologies like HTTP and Transport Layer Security (TLS) to securely encrypt and transport DNS queries and to pass more control to the applications. DoH for Google Chrome is enabled, and Microsoft announced Windows 10 support in late 2019.

Figure 1: The challenge for service providers: retaining service offerings and compliance with DoH

The challenge for service providers: retaining service offerings and compliance with DoH
Image source: Potential ISP Challenges with DNS over HTTPS

Adopting DNS over HTTPS (DoH) will allow service providers to continue offering critical cyber security services like malware detection, parental control, and compliance with law enforcement. A10 Networks has been collaborating with large service providers to develop and deploy a native DNS over HTTPS (DoH) capability, based on a proposed standard published as RFC 8484 by the Internet Engineering Task Force (IETF).

A10 Networks’ Thunder® CFW DoH capability provides:

Additional Resources

Learn more about enabling DNS over HTTPS:


|
March 5, 2020

About Saurabh Sureka

Saurabh Sureka is director of product management at A10 Networks, where he leads the team developing the scope of the company’s multi-cloud product roadmap and solutions. He works closely with customers and partners to enable and expand the company’s product portfolio. READ MORE