Factsheet DNS monitoring will get harder
New DNS transport protocols make it harder to monitor or modify DNS requests. This is beneficial on today’s untrusted networks. At the same time the shift may render your organisation’s security controls ineffective, expose internal naming or break connectivity. These negative side effects are hard to mitigate at a network level and require mitigation at DNS infrastructure and individual devices.
The NCSC recommends organisations to decide on preferred (DNS) resolvers, configure these on devices under administrative control and take note of the benefits provided by modern DNS transport protocols.