[dns-operations] "A New Needle and Haystack: Detecting DNS over HTTPS Usage" (SANS)

Paul Vixie paul at redbarn.org
Tue Sep 10 21:36:30 UTC 2019

 A New Needle and Haystack: Detecting DNS over HTTPS Usage
STI Graduate Student Research
by Drew Hjelm - September 10, 2019 

Encrypted DNS technologies such as DNS over HTTPS (DoH) give users new means 
to protect privacy while using the Internet. Organizations will face new 
obstacles for monitoring network traffic on their networks as users attempt to 
use encrypted DNS. First, the paper presents several tests to perform to 
detect encrypted DNS using endpoint tools and network traffic monitoring. The 
goal of this research is to present several controls that organizations can 
implement to prevent the use of encrypted DNS on enterprise networks.



More information about the dns-operations mailing list