The Domain Name System translates the names users type into a browser to numerical IP addresses and connects them to their destinations through a protocol of queries and replies. But the system can be manipulated by malicious actors. Encryption services such as DNS over Hypertext Transfer Protocol over Transport Layer Security, or DNS over HTTPs, can make it harder for threat actors to make out their target traffic.
“Protective DNS” (PDNS) is different from earlier security-related changes to DNS in that it is envisioned as a security service – not a protocol – that analyzes DNS queries and takes action to mitigate threats, leveraging the existing DNS protocol and architecture,” reads a guide the National Security Agency and Cybersecurity and Infrastructure Security Agency published jointly this month.
https://www.nextgov.com/cybersecuri...stem-incorporating-threat-information/172688/
“Protective DNS” (PDNS) is different from earlier security-related changes to DNS in that it is envisioned as a security service – not a protocol – that analyzes DNS queries and takes action to mitigate threats, leveraging the existing DNS protocol and architecture,” reads a guide the National Security Agency and Cybersecurity and Infrastructure Security Agency published jointly this month.
https://www.nextgov.com/cybersecuri...stem-incorporating-threat-information/172688/