Google announced a major security enhancement to its public Domain Name System (DNS) service, the most widely used public recursive DNS resolver on the internet.
“Starting today, users can secure queries between their devices and Google Public DNS with DNS-over-TLS, preserving their privacy and integrity,” Google stated in a blog post on Wednesday.
The DNS service is used to resolve or convert internet domain names (e.g., www.securezoo.com) into internet IP addresses required by email apps or web browsers.
When users look up domains via DNS queries, the queries travel in clear text, which can expose sensitive information and leave them open to spoofing attacks.
To address security concerns, Google now offers the DNS-over-TLS protocol as a new standard to improve security and privacy for DNS traffic between users and DNS resolvers. Connections to Google Public DNS can now be encrypted over TLS, similar to HTTPS web connections.
“We implemented the DNS-over-TLS specification along with the RFC 7766 recommendations to minimize the overhead of using TLS. These include support for TLS 1.3 (for faster connections and improved security), TCP fast open, and pipelining of multiple queries and out-of-order responses over a single connection,” Google noted.
Google also mentioned that Android 9 (Pie) devices can already use DNS-over-TLS today, and it provided instructions on how to configure other devices to use Google Public DNS.
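The pipelining and out-of-order responses mentioned in Google's statement rely on two things: each DNS message on a stream transport carries a two-byte length prefix, and the client pairs replies with queries by message ID. The sketch below is an added example, not Google's code; it opens no TLS connection, the function names are hypothetical, and the reply bytes are constructed for illustration.

```python
import struct

def build_query(qid, name, qtype=1):
    """Encode a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(msg):
    """Add the two-byte big-endian length prefix used on stream transports."""
    return struct.pack("!H", len(msg)) + msg

def deframe(buf):
    """Split complete messages off the front of buf; return (messages, rest)."""
    msgs = []
    while len(buf) >= 2:
        (n,) = struct.unpack("!H", buf[:2])
        if len(buf) < 2 + n:
            break  # message still incomplete, wait for more bytes
        msgs.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return msgs, buf

def match_responses(pending, chunks):
    """Pair replies with queries by ID in arrival order; drop unknown IDs."""
    buf, results = b"", []
    for chunk in chunks:
        msgs, buf = deframe(buf + chunk)
        for msg in msgs:
            if len(msg) < 12:
                continue  # shorter than a DNS header
            qid, flags = struct.unpack("!HH", msg[:4])
            if flags & 0x8000 and qid in pending:  # QR bit set and ID expected
                results.append((pending.pop(qid), flags & 0x000F))
    return results

def fake_response(qid, name, rcode):
    """Constructed reply: the query echoed back with QR and RA set, no answers."""
    msg = bytearray(build_query(qid, name))
    msg[2], msg[3] = msg[2] | 0x80, 0x80 | rcode
    return bytes(msg)

def demo():
    pending = {0x1001: "www.securezoo.com", 0x1002: "example.com"}
    stream = (frame(fake_response(0x1002, "example.com", 0))
              + frame(fake_response(0x9999, "unsolicited.example", 0))
              + frame(fake_response(0x1001, "www.securezoo.com", 3)))
    chunks = [stream[:5], stream[5:40], stream[40:]]  # arbitrary record splits
    return match_responses(pending, chunks)
```

The second query's reply arrives first, the unsolicited ID is discarded, and the chunk boundaries fall mid-message, which is what a client reading from a TLS stream has to tolerate.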