Why is DNS over HTTPS classified as High Risk?

Question

In Application usage report, DNS over HTTPS is classified as High Risk. Why? I would think HTTPS is always preferable. Is it because it imposes limitations on what the firewall can see and control?

Vivek Jagad · Accepted Answer

Hello tscott_16 ,

Thank you for reaching out to the community, because In DNS over HTTPS, the encrypted DNS traffic is not completely invisible to the network admins, which could be an issue. Whereas, in DNS over TLS, the network administrators cannot even see the encrypted DNS traffic.

Learn its impact on Sophos web security products. - https://support.sophos.com/support/s/article/KB-000039056?language=en_US

Why is DNS over HTTPS classified as High Risk?

Top Replies