DNS Security & DoH
Jul 28, 2022
We’re pleased to announce Twingate’s first capability to protect user privacy and improve security posture on any network by automatically encrypting DNS traffic. Despite advancements to protect DNS such as DNSSEC, the vast majority of DNS requests are still both unencrypted and unvalidated, and hence vulnerable to a range of exploits from data collection to DNS poisoning and phishing.
A solution to the problem of unencrypted DNS traffic already exists in the form of DNS-over-HTTPS (DoH), which simply encapsulates standard DNS requests into HTTPS requests, hiding the contents of the requests from third parties. The Twingate Client’s transparent DNS proxy not only enables configurationless private DNS resolution, but it also allows us to offer automatic DoH protection for the entire operating system. Any DNS request on a user’s device, both foreground and background, will be encrypted, regardless of the application, and automatically forwarded to a trusted DoH resolver.
Enabling DoH for your users in Twingate is very simple. Simply turn on DoH in the “DNS Security” section in your Admin Console Settings page, and any macOS, Windows, or Linux users will automatically have DoH protection enabled. Select from a number of trusted DoH resolvers, or use the custom resolver option to use your existing DoH provider, which can also be used to enable DNS filtering for all Twingate users automatically.