Despite the rapid evolution of internet standards and an increasing amount of encryption, there's one aspect of our daily online world that hasn't changed that much in its nearly four decades of breath. That, of course, is DNS. We don't tend to think about it often, which is probably, why it hasn't evolved as much as other things, but it truly is the heart and backbone of everything we do online. That is unless you want to memorize "2607:f8b0:400a:0804:0000:0000:0000:2004" as the way to access Google, you had better have a working DNS. But DNS is inherently insecure: it's shown to be vulnerable to all manner of attacks, and this discussion specifically also exposes where you're going. That is, while the HTTP payload may be encrypted, there's still that (visible) DNS request that goes out first. That's not to say that there haven't been any improvements, though. DNSSEC was developed to help secure DNS and prevent spoofing. In the many years since its introduction, DNSSEC still isn't as widespread as hoped. DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) are more recent developments that focus mainly on the privacy aspect of DNS communications (or lack thereof). With DoH and DoT, clients and servers forego the typical DNS protocol request over UDP or TCP port 53 and embed the request inside an encrypted HTTPS or pure TLS connection.
Join us in an interactive live demo exploring one of the many advanced use cases of SSL Orchestrator.