Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

CISA Reminds Federal Agencies to Use Its DNS Service

A memorandum sent by the United States Cybersecurity and Infrastructure Security Agency (CISA) to Chief Information Officers (CIOs) at federal agencies reminds them to use EINSTEIN 3 Accelerated (E3A)’s Domain Name System (DNS) sinkholing capability for DNS resolution.

A memorandum sent by the United States Cybersecurity and Infrastructure Security Agency (CISA) to Chief Information Officers (CIOs) at federal agencies reminds them to use EINSTEIN 3 Accelerated (E3A)’s Domain Name System (DNS) sinkholing capability for DNS resolution.

Working as a phonebook for the Internet, DNS is what facilitates most communications, translating domain names into IP addresses. However, DNS is also often used as an attack vector, which is why it’s important that organizations don’t neglect DNS security.

In the United States, DNS resolution services provided by CISA are mandatory in most federal agencies in the executive branch. Otherwise, agencies no longer benefit from the provided cybersecurity protections, while CISA loses insight.

In the recently issued memo, CISA reminds agencies that their local DNS recursive resolvers should use its DNS service (E3A) as their primary (or ultimate) upstream DNS resolver.

“The vast majority of agencies already do this, but particularly in light of increased telework, we felt it worth reiterating. In most instances where agencies bypass our protections, the reasons for non-use are well-intentioned,” Bryan Ware, assistant director at CISA, points out.

In some cases, agencies employ other protections that CISA currently does not offer or does not support. The direct use of mobile devices and cloud infrastructure are some of these cases, while others include encrypted DNS resolution services such as DNS over HTTPS (DoH) and DNS over TLS (DoT).

E3A does not currently offer encrypted DNS resolution, but CISA plans to provide a DNS resolution service with support for DoH and DoT, which are already supported by various Internet organizations out there (including Mozilla and Google, which added DoH to Firefox and Chrome).

“CISA encourages efforts to make network communications encrypted by default. Doing so increases user security, making it harder for attackers to monitor and modify communication,” Christopher C. Krebs, the director of CISA, says.

According to CISA, the approaches taken by Mozilla, Google, and others are “thoughtful, and can increase the security and privacy of their users.” Moreover, the agency believes that the use of encrypted DNS resolution will result in updates to how organizations protect users from malicious DNS traffic.

“Until DoH and DoT resolution services are available from CISA, set and enforce enterprise-wide policy for installed browsers to disable DoH use,” the memo reads.

CISA also recommends that agencies configure their local DNS recursive resolvers to utilize well-known public resolvers as fallback, such as those from Cisco ( and, Cloudflare ( and, Google ( and, and Quad9 ( and

In addition to making recommendations, the memo reveals that CISA will provide reports on potential DNS traffic anomalies, and that it will evaluate the state of federal DNS security in six months, when it will also consider additional actions, if necessary.

Related: House Committee Passes Bills Improving CISA Leadership and Authority

Related: Patching Pulse Secure VPN Not Enough to Keep Attackers Out, CISA Warns

Related: CISA Announces Open Source Post-Election Auditing Tool

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...