Webroot® DNS Protection has joined Microsoft, Google, and Mozilla by officially supporting DNS over HTTPS (DoH) to help businesses and MSPs protect their users better than ever before. With our latest enhancements, Webroot DNS Protection now combines the privacy benefits of DoH with the security benefits of DNS-layer protection powered by Webroot BrightCloud® Web Classification intelligence.
Highlights in this release include:
- NEW: Webroot DNS Protection now processes DoH requests natively
New features in this release
Privacy and Security with DNS over HTTPS (DoH)
DNS has been around since 1983 and has worked brilliantly at resolving all internet domain requests for both IPv4 and the newer IPv6 address spaces. However, DNS was not built with privacy or security in mind, as it communicates all requests in clear text.
To make DNS more secure for users, the new DoH protocol encrypts the requests using the same encryption used when connecting to a secure website: HTTPS. All the major browsers are beginning
to support DoH, but adoption is only beginning to take off.
Unfortunately, this advancement can bring security issues if not handled with control. Admins derive considerable value in monitoring and filtering DNS requests. Having applications capable of making DNS requests independently defeats this value by circumventing
the in-place protections. To correctly leverage the advantages of DoH, every DNS request on a must be passed via DoH, applications must be prevented from making rogue DNS requests, and filtering and logging must be maintained.
Native DoH Support
Webroot DNS Protection leverages the advantages of DoH by encrypting and managing the DNS requests for the entire system, and then securely relaying these requests via DoH to the Webroot resolvers. This way, admins retain control of DNS and are able to filter and log, while the user and business benefit from the additional privacy and security.
Webroot DNS Protection service in the future
Throughout the rest of 2020, we will continue to innovate and further take advantage of DoH. Look out for unique, first-time features and capabilities that will now be possible, which will help take DNS Protection from an easy-to-deploy- and-admin security solution, to an industry-leading and powerful security control point.
What do I need to do?
If you are already using DNS Protection, no action is required. The DNS Protection agent will default to communicating using DoH. To protect your entire network, all you need do is ensure your network’s local DNS server supports DoH, and make sure it uses the Webroot DNS server for resolution.
If you are not yet using DNS Protection and want to test it for yourself, log in to your Webroot Business Console to start a free trial today.