silversurfer
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) announced today that it intends to run DoH (DNS-over-HTTPS) and DoT (DNS-over-TLS) DNS resolution servers for official government use; however, it advises agencies to disable DoH and DoT support on employees' browsers until official CISA servers are available.
The agency issued a memorandum [PDF] today to remind government agencies of their legal requirement to use the EINSTEIN 3 Accelerated (E3A) DNS server as the primary DNS resolver for any government workstations and communications.
CISA said the E3A server comes with a sinkholing capability "which blocks access to malicious infrastructure by, in effect, overriding public DNS records that have been identified as harmful."
"The vast majority of agencies already do this, but particularly in light of increased telework, we felt it worth reiterating," the agency said in a press release.