DNS over HTTPS (DoH) is a safe Domain Name System (DNS) resolution method. If you use DoH, DNS requests are encrypted by using HTTPS. This prevents DNS requests from being monitored or modified.
Impacts
- Unauthorized operations performed by an employee of an enterprise
An employee of an enterprise can access unauthorized domain names by using DoH to bypass detection by access control policies or threat intelligence rules.
- Spreading of worms and trojans
Worms and trojans can query the originating IP addresses of domain names by using DoH. This way, worms and trojans can bypass detection by intrusion prevention rules, access control policies, and threat intelligence rules.
Operations in the Cloud Firewall console
The rules that you can use to disable DoH are in Monitor mode. If you want to disable DoH, you can log on to the Cloud Firewall console, choose , and click Customize in the Basic Protection section. In the Customize Basic Protection Policies dialog box, change the mode of some or all related rules to Block. This prevents or minimizes the preceding impacts in an efficient manner.