Security News > 2020 > May > CISA Reminds Federal Agencies to Use Its DNS Service
A memorandum sent by the United States Cybersecurity and Infrastructure Security Agency to Chief Information Officers at federal agencies reminds them to use EINSTEIN 3 Accelerated's Domain Name System sinkholing capability for DNS resolution.
In the United States, DNS resolution services provided by CISA are mandatory in most federal agencies in the executive branch.
In the recently issued memo, CISA reminds agencies that their local DNS recursive resolvers should use its DNS service as their primary upstream DNS resolver.
The direct use of mobile devices and cloud infrastructure are some of these cases, while others include encrypted DNS resolution services such as DNS over HTTPS and DNS over TLS. E3A does not currently offer encrypted DNS resolution, but CISA plans to provide a DNS resolution service with support for DoH and DoT, which are already supported by various Internet organizations out there.
In addition to making recommendations, the memo reveals that CISA will provide reports on potential DNS traffic anomalies, and that it will evaluate the state of federal DNS security in six months, when it will also consider additional actions, if necessary.