Why is DNS over HTTPS classified as High Risk?

Hello tscott_16 ,

Thank you for reaching out to the community, because In DNS over HTTPS, the encrypted DNS traffic is not completely invisible to the network admins, which could be an issue. Whereas, in DNS over TLS, the network administrators cannot even see the encrypted DNS traffic.

Learn  its impact on Sophos web security products. - https://support.sophos.com/support/s/article/KB-000039056?language=en_US

After the last round of browser updates for Chrome, Safari and Firefox, it seems they no longer fall back to regular DNS as stated in the article "Blocking DoH will generally cause browsers to fall back to use the regular system DNS". I have sites now that just fail with this policy turned on.

Regards,

Gary

After the last round of browser updates for Chrome, Safari and Firefox, it seems they no longer fall back to regular DNS as stated in the article "Blocking DoH will generally cause browsers to fall back to use the regular system DNS". I have sites now that just fail with this policy turned on.

Regards,

Gary