Collection: Applications

QNAME minimization’s value proposition is simple. The resolver (the DNS server asking an upstream DNS server to help perform name resolution) won’t ask for the entire FQDN–just the parts that the upstream server in the recursion chain is authoritative for. In this way, privacy is preserved–non-authoritative DNS servers won’t know the exact hostname you’re looking for.

DNS over HTTPS (DoH) is an IETF standard that aims to improve the integrity of name resolution queries and increase security by preventing man-in-the-middle attacks. DoH should also improve user privacy. Enterprises and vendors who rely on DNS information to shape Web access, security, and content filtering must understand DoH and its potential impacts, and anticipate how this standard might affect operations.