Route 53 released DoH functionality

Amazon Route 53 Resolver recently announced support for the DNS over HTTPS (DoH) protocol, which improves privacy and security in DNS resolution by encrypting the data exchanged between the DoH client and the DoH-based DNS resolver. This aligns with the principles of zero-trust architecture, where all network traffic is encrypted and no system inside or outside the security perimeter is inherently trusted. The encryption is designed to mitigate the risks of eavesdropping on and manipulation of DNS data.

Amazon Route 53 Resolver’s support for DoH allows users to resolve DNS queries in hybrid cloud environments, facilitating access for AWS services from various points within the hybrid network. With the flexibility to specify protocols such as Do53, DoH, and DoH-FIPS, users can tailor their configurations to suit their specific security and compliance requirements. Additionally, the platform allows users to seamlessly set up forwarding rules, directing DNS queries to designated DNS servers based on predefined domains.

Users can utilise the Route 53 console to create and configure inbound and outbound endpoints, selecting the desired protocols and setting up IP addresses for DNS queries across multiple Availability Zones and subnets. By adopting DoH, users can ensure that DNS resolutions within their hybrid environments are encrypted, thereby bolstering security measures.
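The protocol choice on each endpoint can be checked after the fact. The following is an added example, not AWS code: it audits an endpoint listing for endpoints that still permit plaintext Do53. It assumes input in the shape returned by `aws route53resolver list-resolver-endpoints`; the endpoint IDs and names are constructed, and `require_fips_inbound` is a hypothetical policy switch.

```python
import json

# Constructed sample in the shape returned by
# `aws route53resolver list-resolver-endpoints` (IDs and names are made up).
SAMPLE = json.loads("""
{"ResolverEndpoints": [
  {"Id": "rslvr-in-example1", "Name": "onprem-to-vpc", "Direction": "INBOUND", "Protocols": ["DoH-FIPS"]},
  {"Id": "rslvr-in-example2", "Name": "legacy-inbound", "Direction": "INBOUND", "Protocols": ["Do53", "DoH"]},
  {"Id": "rslvr-out-example3", "Name": "vpc-to-onprem", "Direction": "OUTBOUND", "Protocols": ["DoH"]},
  {"Id": "rslvr-out-example4", "Name": "old-outbound", "Direction": "OUTBOUND"}
]}
""")

ENCRYPTED = {"DoH", "DoH-FIPS"}

def classify(endpoint):
    """Return 'encrypted-only', 'mixed' or 'plaintext-only' for one endpoint."""
    # An endpoint with no Protocols value is treated by the service as Do53.
    protocols = set(endpoint.get("Protocols") or ["Do53"])
    unknown = protocols - ENCRYPTED - {"Do53"}
    if unknown:
        raise ValueError(f"{endpoint['Id']}: unexpected protocol {sorted(unknown)}")
    if "Do53" not in protocols:
        return "encrypted-only"
    return "mixed" if protocols & ENCRYPTED else "plaintext-only"

def audit(listing, require_fips_inbound=False):
    """Return findings as (endpoint id, direction, issue) tuples."""
    findings = []
    for ep in listing.get("ResolverEndpoints", []):
        state = classify(ep)
        if state == "plaintext-only":
            findings.append((ep["Id"], ep["Direction"], "only Do53 enabled: queries are unencrypted"))
        elif state == "mixed":
            findings.append((ep["Id"], ep["Direction"], "Do53 enabled alongside DoH: plaintext still allowed"))
        # Optional compliance check: plain DoH where policy demands the FIPS variant.
        if (require_fips_inbound and ep["Direction"] == "INBOUND"
                and "DoH" in (ep.get("Protocols") or [])):
            findings.append((ep["Id"], ep["Direction"], "DoH enabled where policy requires DoH-FIPS"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, require_fips_inbound=True):
        print(*finding, sep="\t")
```

A "mixed" endpoint is the case to watch: enabling DoH does not stop clients or forwarders from continuing to use Do53 on the same endpoint.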

It is worth noting that the DNS over HTTPS support for Amazon Route 53 Resolver is now available across all AWS Regions, including GovCloud Regions and Regions based in China. There are no additional costs associated with utilising DoH with Resolver endpoints, and users are encouraged to refer to Route 53 pricing for further details.

This Amazon Route 53 Resolver update aligns with security best practices as set by industry giants like Cloudflare, providing a robust solution for secure DNS resolutions while maintaining efficiency.

First announced on AWS in December 2023: "Amazon Route 53 Resolver Endpoints now supports DNS-over-HTTPS (DoH)".