
In the years since DNS was first created, there have been several efforts to help secure DNS traffic. One of the first widespread efforts was DNSSEC. It was designed to use cryptographic signatures to help verify the authenticity of the responding DNS resolver and its data.

While work on this standard started in the 1990s, it has taken some time to achieve widespread adoption, and we’re still not there yet. Additionally, while this measure helped ensure communication with legitimate resolvers, it did not address privacy, since the responses are still sent in plain text.


The next big leap was DNS over TLS (DoT), which was designed to allow the connection to be made securely over port 853, using TLS, between a DNS client and the resolver it communicated with. This essentially allowed the resolver to first be verified, preventing any interference with the DNS request and affirming the identity of the resolving DNS server.

The query and response were also encrypted, meaning the traffic could not be snooped by bad actors. But DoT has also had a somewhat slow adoption rate globally, and many organizations have continued to use standard DNS over port 53, because it’s the default configuration for the protocol and is easy to set up and troubleshoot.
