DNS over HTTPS (DoH) in Enterprise Networks: Privacy Gains vs. Security Trade-offs

Authors

  • Raja kumar Kolli, Principal Engineer, Charter Communications, Denver, CO, USA

DOI:

https://doi.org/10.21590/ijtmh.2024100304

Keywords:

DNS over HTTPS, enterprise privacy, network visibility, DNS filtering, DoH policy enforcement, SOC operations, encrypted DNS, Mozilla DoH, Cloudflare 1.1.1.1, hybrid security models

Abstract

DNS over HTTPS (DoH) improves user privacy by encrypting DNS queries, preventing eavesdropping and manipulation. However, its impact on enterprise network visibility and control remains controversial. This paper evaluates the adoption of DoH in enterprise environments, assessing both privacy benefits and operational challenges. We simulate DoH traffic using Mozilla and Cloudflare implementations, testing its effect on DNS filtering, DLP policies, and malware detection systems. While DoH prevents ISP- and MITM-based tracking, it also circumvents traditional DNS-based content filters and hampers SOC visibility. Packet inspection tools and firewall rule modifications are tested to restore control without breaking functionality. A hybrid model, in which approved DoH resolvers are explicitly allowed while others are blocked, emerges as a viable compromise. The paper concludes with policy guidelines for balancing privacy with regulatory compliance and internal monitoring needs. This research is crucial as DoH usage continues to rise among privacy-conscious applications and end users.
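The hybrid model named in the abstract can be expressed as a verdict over TLS flow metadata. The sketch below is an added example, not code from the paper; the approved resolver `doh.corp.example`, its address, and the sample flows are assumptions constructed for illustration.

```python
"""Hybrid DoH policy check over TLS flow metadata (added example)."""

# Assumption: the single approved enterprise DoH resolver (hypothetical name/IP).
APPROVED = {"doh.corp.example": {"10.20.0.53"}}

# Publicly documented DoH endpoints; production use needs a maintained list.
PUBLIC_DOH_NAMES = {"cloudflare-dns.com", "mozilla.cloudflare-dns.com", "dns.google"}
PUBLIC_DOH_IPS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4"}


def evaluate(flow):
    """Return (verdict, reason) for a flow dict with dst_ip, dst_port, sni."""
    if flow["dst_port"] != 443:
        return ("pass", "not HTTPS, outside DoH policy")
    sni = (flow.get("sni") or "").lower().rstrip(".")
    ip = flow["dst_ip"]
    if sni in APPROVED:
        if ip in APPROVED[sni]:
            return ("allow", "approved DoH resolver")
        # Approved name on an unexpected address: treat the SNI as spoofed.
        return ("block", "approved name, unexpected address")
    if sni in PUBLIC_DOH_NAMES or ip in PUBLIC_DOH_IPS:
        return ("block", "unapproved DoH resolver")
    # Limitation: a DoH resolver absent from both lists looks like ordinary HTTPS.
    return ("pass", "no DoH indicator")


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    {"src": "10.1.4.17", "dst_ip": "10.20.0.53", "dst_port": 443, "sni": "doh.corp.example"},
    {"src": "10.1.4.22", "dst_ip": "203.0.113.10", "dst_port": 443, "sni": "Mozilla.Cloudflare-DNS.com"},
    {"src": "10.1.4.30", "dst_ip": "8.8.8.8", "dst_port": 443, "sni": None},
    {"src": "10.1.4.41", "dst_ip": "198.51.100.7", "dst_port": 443, "sni": "doh.corp.example"},
    {"src": "10.1.4.55", "dst_ip": "192.0.2.80", "dst_port": 443, "sni": "www.example.org"},
    {"src": "10.1.4.60", "dst_ip": "10.20.0.53", "dst_port": 53, "sni": None},
]


def report(flows):
    """Return (src, verdict, reason) rows, one per flow, in input order."""
    return [(f["src"], *evaluate(f)) for f in flows]


if __name__ == "__main__":
    for row in report(SAMPLE_FLOWS):
        print(row)
```

The final `pass` branch is the visibility gap the abstract describes: name and address lists only catch resolvers that are already known.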

Published

2024-09-30
