{"id":2629,"date":"2016-07-19T08:00:04","date_gmt":"2016-07-19T08:00:04","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=2629"},"modified":"2020-05-06T10:28:05","modified_gmt":"2020-05-06T17:28:05","slug":"dns-encryption-point-counterpoint","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/","title":{"rendered":"DNS Encryption: Point\/Counterpoint"},"content":{"rendered":"<p><em>Thanks to Edward Snowden and others, the way governments deal with cybersecurity monitoring has become more top-of-mind in the industry than ever before. The question is: how \u2013 and whether \u2013 governments should monitor data transmissions. This raises the thorny issue of encryption \u2013 an issue that is now extending to the Domain Name System (DNS).<\/em><\/p>\n<p><em>Government agencies are moving toward conducting what\u2019s called pervasive monitoring of computer communications. Reaction to that comes from the Internet Engineering Task Force (IETF), which \u2013 believing that information should be protected from snooping \u2013 has developed the DNS PRIVate Exchange (<\/em><a href=\"https:\/\/datatracker.ietf.org\/wg\/dprive\/charter\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><em>DPRIVE<\/em><\/a><em>) Working\u00a0Group to provide data privacy to DNS transactions. As part of DPRIVE, the IETF is proposing running DNS over the Transport Layer Security (TLS) cryptographic protocol, the follow-on to Secure Sockets Layer (SSL), both widely used to secure communications between web browsers and web servers. (For more on this issue, see these recent articles in\u00a0<\/em><a href=\"http:\/\/searchsecurity.techtarget.com\/news\/450297244\/New-spec-aims-to-improve-DNS-privacy-with-TLS\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">TechTarget<\/a>\u00a0<em>and<\/em>\u00a0<a href=\"http:\/\/www.theregister.co.uk\/2016\/05\/25\/ietf_boffins_its_time_to_encrypt_dns_requests\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">The Register<\/a>.)<\/p>\n<p><em>The ramifications for Infoblox customers are clear: \u00a0they will have to consider how deeper levels of DNS encryption affect their security and network capacity. What it all means is still being ironed out, but it\u2019s a conversation to be aware of. Given the level of passions that encryption enflames, it\u2019s perhaps not surprising the topic has provoked some disagreement among Infoblox executives themselves. Here, then, is a point\/counterpoint discussion between Cricket Liu (generally pro), chief DNS architect at Infoblox, and Rod Rasmussen (generally con), vice president of cybersecurity, giving their personal views on DNS encryption.<\/em><\/p>\n<p><strong>Cricket Liu:<\/strong>\u00a0The IETF bristles at what it calls state-sponsored, pervasive surveillance of internet traffic. If everything is snooped on, we should encrypt everything. If this were to happen, communication between your DNS servers and those on the internet would be encrypted. It would still be subject to certain types of analysis, so that a hacker might be able to do traffic tracking, but they would only see that it\u2019s a .com server your DNS server is querying, not which particular domain name your DNS server is asking about.\u00a0 The reason for doing this is that your DNS traffic can give away quite a bit about what you are doing on the internet: what websites you\u2019re visiting, what e-mail systems you interact with, what software you\u2019re running, and any other devices you need to look up a name to communicate with.\u00a0 For instance, a repressive regime could monitor their citizens, searching for those who look up the name of a VPN server run by an outside organization that helps dissidents communicate with the outside world.<\/p>\n<p><strong>Rod Rasmussen:<\/strong>\u00a0You have to ask yourself if protecting the rather limited amount of telltale information that DNS encryption provides is worth the impact it has on your network and users.\u00a0 In the case of HTTP traffic or email, the trade-off to encrypt makes sense since so much sensitive information travels directly over them. DNS, not so much. First and foremost, for DNS, I\u2019m concerned about performance implications. It\u2019s a question of complexity, and more complexity slows things down and makes them more fragile. It\u2019s more costly to send queries over TLS than to send them over the User Datagram Protocol (UDP). The capacity of DNS servers to serve queries will go down and latency will go up throughout the ecosystem. Networking will be more expensive because you\u2019re going to have to throw more horsepower at the problem.<\/p>\n<p><strong>Liu:<\/strong>\u00a0I think performance issues will be more noticeable to the admins. If this takes off, we\u2019re going to live in a world where TLS is the norm for DNS queries. Admins will do whatever it takes to deliver performance. The end-user might not actually notice much if the admins have done a good job.<\/p>\n<p><strong>Rasmussen:\u00a0<\/strong>That may well happen; however, the price you pay is too high for the incremental benefits you get. TLS adds overhead, and people don\u2019t like overhead. This is a problem with encryption in general. Beyond performance hits, encryption often impedes other security efforts that you should be making for your network. If you are encrypting traffic and communicating with outside entities, you lose the ability to examine traffic as it enters or leaves your network perimeter. You can\u2019t see exfiltration or insiders moving data files. Next-generation firewalls do a lot deep inspection of traffic to look for malicious behavior, and encryption typically thwarts that. If the traffic is encrypted, you can\u2019t do data loss prevention (DLP), because you may not know what\u2019s being moved. DNS is good for looking at tunneling and signaling patterns, but encrypting it makes such analysis almost impossible.<\/p>\n<p><strong>Liu:\u00a0<\/strong>But there are substantial benefits. Encryption provides integrity checking and authentication. You can avoid cache poisoning attacks. When traffic is encrypted, intermediate devices such as firewalls and intrusion detection systems won\u2019t be able to see traffic, but the DNS server still sees everything in the clear.<\/p>\n<p><strong>Rasmussen:\u00a0<\/strong>DNSSEC is probably a better mechanism for integrity checking and authentication, but of course, that assumes people actually deploy it and utilize its power.\u00a0 If you want to use your own DNS resolvers to look for malicious activities, and at scale, you\u2019re going to need to empower those servers and add even more resolvers. You\u2019re going to have to do more management at the enterprise level. You\u2019re going to have to tune the heck out of the network if you don\u2019t have control over the clients and fully understand how clients are interacting with DNS servers. For example, what do you do when the server doesn\u2019t provide encrypted connections or stops providing them for reasons you don\u2019t know? Do you let it fail and tell users they can\u2019t talk to the internet?<\/p>\n<p><strong>Liu:\u00a0<\/strong>We\u2019ve had situations like this before and we\u2019ve worked through them. We moved from unencrypted HTTP to HTTP over SSL to TLS. Google now allows you to use TLS by default, even if it\u2019s just to search. That\u2019s a big change. We\u2019ve dealt with this kind of complexity in DNS, too, as we deployed EDNS0 and as we\u2019ve rolled out DNSSEC (the DNS Security Extensions).<\/p>\n<p><strong>Rasmussen:\u00a0<\/strong>What\u2019s a government\u2019s response going to be if we start encrypting DNS? They\u2019ll just find the weak point and exploit it. They\u2019ll get court orders and tap into ISP\u2019s resolvers to see what the traffic is. The data has to get decrypted somewhere. That does make it harder for a government, because they can\u2019t just tap the backbone with a legal process, but it doesn\u2019t \u201csolve\u201d the problem. They\u2019ll have to work with more downstream with ISPs and people doing DNS resolution.<\/p>\n<p><strong>Liu:\u00a0<\/strong>That may be, but the DPRIVE effort has more momentum than most things I\u2019ve tracked. The bottom line is, if this becomes an internet standard, Infoblox will make it possible for customers to deploy it.<\/p>\n<p><strong>Rasmussen:\u00a0<\/strong>Yep, and the silver lining is that if you aren\u2019t using DNS firewalling or DNS analytics to protect your network, which you should be doing already, then dealing with encrypted DNS traffic will get you there.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Thanks to Edward Snowden and others, the way governments deal with cybersecurity monitoring has become more top-of-mind in the industry than ever before. The question is: how \u2013 and whether \u2013 governments should monitor data transmissions. This raises the thorny issue of encryption \u2013 an issue that is now extending to the Domain Name System [&hellip;]<\/p>\n","protected":false},"author":178,"featured_media":2630,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1],"tags":[30,16,15],"class_list":{"0":"post-2629","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-company","8":"tag-dns","9":"tag-infoblox","10":"tag-security","11":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>DNS Encryption: Point\/Counterpoint<\/title>\n<meta name=\"description\" content=\"Thanks to Edward Snowden and others, the way governments deal with cybersecurity monitoring has become more top-of-mind in the industry than ever before. The question is: how \u2013 and whether \u2013 governments should monitor data transmissions. This raises the thorny issue of encryption \u2013 an issue that is now extending to the Domain Name System (DNS).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DNS Encryption: Point\/Counterpoint\" \/>\n<meta property=\"og:description\" content=\"Thanks to Edward Snowden and others, the way governments deal with cybersecurity monitoring has become more top-of-mind in the industry than ever before. The question is: how \u2013 and whether \u2013 governments should monitor data transmissions. This raises the thorny issue of encryption \u2013 an issue that is now extending to the Domain Name System (DNS).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-07-19T08:00:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:28:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-Encryption-Point-Counterpoint-Image-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"724\" \/>\n\t<meta property=\"og:image:height\" content=\"483\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cricket Liu\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cricket Liu\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/company\\\/dns-encryption-point-counterpoint\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/company\\\/dns-encryption-point-counterpoint\\\/\"},\"author\":{\"name\":\"Cricket Liu\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/bb6b62b1b99a7cbcd7c528d5763778d5\"},\"headline\":\"DNS Encryption: Point\\\/Counterpoint\",\"datePublished\":\"2016-07-19T08:00:04+00:00\",\"dateModified\":\"2020-05-06T17:28:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/company\\\/dns-encryption-point-counterpoint\\\/\"},\"wordCount\":1205,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/company\\\/dns-encryption-point-counterpoint\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/DNS-Encryption-Point-Counterpoint-Image-1.jpg\",\"keywords\":[\"DNS\",\"Infoblox\",\"Security\"],\"articleSection\":[\"Company\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/company\\\/dns-encryption-point-counterpoint\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/company\\\/dns-encryption-point-counterpoint\\\/\",\"name\":\"DNS Encryption: Point\\\/Counterpoint\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/company\\\/dns-encryption-point-counterpoint\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/company\\\/dns-encryption-point-counterpoint\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/DNS-Encryption-Point-Counterpoint-Image-1.jpg\",\"datePublished\":\"2016-07-19T08:00:04+00:00\",\"dateModified\":\"2020-05-06T17:28:05+00:00\",\"description\":\"Thanks to Edward Snowden and others, the way governments deal with cybersecurity monitoring has become more top-of-mind in the industry than ever before. The question is: how \u2013 and whether \u2013 governments should monitor data transmissions. This raises the thorny issue of encryption \u2013 an issue that is now extending to the Domain Name System (DNS).\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/company\\\/dns-encryption-point-counterpoint\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/company\\\/dns-encryption-point-counterpoint\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/company\\\/dns-encryption-point-counterpoint\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/DNS-Encryption-Point-Counterpoint-Image-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/DNS-Encryption-Point-Counterpoint-Image-1.jpg\",\"width\":724,\"height\":483,\"caption\":\"DNS Encryption: Point\\\/Counterpoint\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/company\\\/dns-encryption-point-counterpoint\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Company\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/company\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"DNS Encryption: Point\\\/Counterpoint\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/bb6b62b1b99a7cbcd7c528d5763778d5\",\"name\":\"Cricket Liu\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/cricket-new-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/cricket-new-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/cricket-new-96x96.jpg\",\"caption\":\"Cricket Liu\"},\"description\":\"Cricket is one of the world\u2019s leading experts on the Domain Name System (DNS) and serves as the liaison between Infoblox and the DNS community. Before joining Infoblox, he founded an internet consulting and training company, Acme Byte &amp; Wire, after running the hp.com domain at Hewlett-Packard. Cricket is a prolific speaker and author, having written a number of books including \u201cDNS and BIND,\u201d one of the most widely used references in the field, now in its fifth edition.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/cricket-liu\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"DNS Encryption: Point\/Counterpoint","description":"Thanks to Edward Snowden and others, the way governments deal with cybersecurity monitoring has become more top-of-mind in the industry than ever before. The question is: how \u2013 and whether \u2013 governments should monitor data transmissions. This raises the thorny issue of encryption \u2013 an issue that is now extending to the Domain Name System (DNS).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/","og_locale":"en_US","og_type":"article","og_title":"DNS Encryption: Point\/Counterpoint","og_description":"Thanks to Edward Snowden and others, the way governments deal with cybersecurity monitoring has become more top-of-mind in the industry than ever before. The question is: how \u2013 and whether \u2013 governments should monitor data transmissions. This raises the thorny issue of encryption \u2013 an issue that is now extending to the Domain Name System (DNS).","og_url":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/","og_site_name":"Infoblox Blog","article_published_time":"2016-07-19T08:00:04+00:00","article_modified_time":"2020-05-06T17:28:05+00:00","og_image":[{"width":724,"height":483,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-Encryption-Point-Counterpoint-Image-1.jpg","type":"image\/jpeg"}],"author":"Cricket Liu","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cricket Liu","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/"},"author":{"name":"Cricket Liu","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/bb6b62b1b99a7cbcd7c528d5763778d5"},"headline":"DNS Encryption: Point\/Counterpoint","datePublished":"2016-07-19T08:00:04+00:00","dateModified":"2020-05-06T17:28:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/"},"wordCount":1205,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-Encryption-Point-Counterpoint-Image-1.jpg","keywords":["DNS","Infoblox","Security"],"articleSection":["Company"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/","url":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/","name":"DNS Encryption: Point\/Counterpoint","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-Encryption-Point-Counterpoint-Image-1.jpg","datePublished":"2016-07-19T08:00:04+00:00","dateModified":"2020-05-06T17:28:05+00:00","description":"Thanks to Edward Snowden and others, the way governments deal with cybersecurity monitoring has become more top-of-mind in the industry than ever before. The question is: how \u2013 and whether \u2013 governments should monitor data transmissions. This raises the thorny issue of encryption \u2013 an issue that is now extending to the Domain Name System (DNS).","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-Encryption-Point-Counterpoint-Image-1.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-Encryption-Point-Counterpoint-Image-1.jpg","width":724,"height":483,"caption":"DNS Encryption: Point\/Counterpoint"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/company\/dns-encryption-point-counterpoint\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Company","item":"https:\/\/www.infoblox.com\/blog\/category\/company\/"},{"@type":"ListItem","position":3,"name":"DNS Encryption: Point\/Counterpoint"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/bb6b62b1b99a7cbcd7c528d5763778d5","name":"Cricket Liu","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/cricket-new-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/cricket-new-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/cricket-new-96x96.jpg","caption":"Cricket Liu"},"description":"Cricket is one of the world\u2019s leading experts on the Domain Name System (DNS) and serves as the liaison between Infoblox and the DNS community. Before joining Infoblox, he founded an internet consulting and training company, Acme Byte &amp; Wire, after running the hp.com domain at Hewlett-Packard. Cricket is a prolific speaker and author, having written a number of books including \u201cDNS and BIND,\u201d one of the most widely used references in the field, now in its fifth edition.","url":"https:\/\/www.infoblox.com\/blog\/author\/cricket-liu\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/2629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/178"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=2629"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/2629\/revisions"}],"predecessor-version":[{"id":2631,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/2629\/revisions\/2631"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/2630"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=2629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=2629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=2629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}