by 0xquad
1975 days ago
They aren't recommending you don't use DoH. Just that you don't allow individual apps to bypass your enterprise resolver. In fact I use the same strategy at home (with DoT) to enforce ad and tracker blocking. It's just common sense really. From the document:
> [...] NSA recommends that the enterprise DNS resolver supports encrypted DNS, such as DoH, and that only that resolver be used in order to have the best DNS protections and visibility.