Your organization wants to encrypt its DNS queries without having to open any new outbound ports on the corporate firewall. The solution should blend in with ordinary web traffic that already uses TCP port 443 so that encrypted queries are less likely to be blocked or inspected. Which technology should the network administrator deploy?
DNS over HTTPS (DoH) encapsulates DNS queries inside standard HTTPS sessions that use TLS over TCP 443. Because it shares the same port as normal web browsing, it can pass through most firewalls and proxy filters while keeping the queries encrypted in transit.
DNS over TLS (DoT) also encrypts DNS traffic, but it uses the dedicated TCP port 853, so additional firewall rules would be required. DNS Security Extensions (DNSSEC) add digital signatures to validate the authenticity of responses but do not encrypt the traffic itself. Traditional DNS over UDP (port 53) is entirely plaintext and therefore provides no confidentiality.