On the Impact of DNS Over HTTPS Paradigm on Cyber Systems
Kimo Bumanglag, Houssain Kettani
Abstract
The Domain Name System (DNS) protocol has been in use for over thirty years. As the primary method of resolving domain names to Internet Protocol (IP) addresses, it is a fundamental component of the Internet. Despite its position of importance, the protocol lacks built-in security mechanisms to address confidentiality, integrity, or availability. Malware can use DNS to fulfill attacker objectives, such as establishing command and control (C2) or exfiltrating data. Various enhancements have been implemented in an attempt to address security after-the-fact. The latest such enhancement is DNS over HTTPS. Methods have also been developed to detect malware's use of DNS. In this paper, we review the weaknesses of the DNS protocol and how malware has abused those weaknesses, enhancements to DNS security, and how malware uses DNS and how that use is detected, with a special emphasis on the effects that DNS over HTTPS may have on an organization's security.