Factsheet DNS Encryption

Modern, encrypted DNS transport protocols make it difficult to monitor and intercept DNS traffic for detection and mitigation purposes, for example inside corporate networks. On the one hand, this poses challenges for system and network administrators. On the other hand, it brings great security benefits to end users and organizations. DNS encryption closes the gap in one of the last protocols that was still widely unencrypted, solving an important piece of the zero trust puzzle. NCSC advises organizations to familiarize themselves with encrypted DNS, to start planning a transition to encrypted DNS infrastructure, and to configure endpoints to strictly adhere to explicitly configured DNS resolvers.