AWS Route53 medium security documentation change
Summary
Added requirement to allow port 443 in security groups when using DNS-over-HTTPS (DoH)
Security assessment
Explicitly requiring port 443 for DoH protocol in security groups addresses potential misconfigurations that could block secure DNS traffic, improving encryption compliance.
Diff
diff --git a/Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.md b/Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.md index 638dc3032..807e08596 100644 --- a//Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.md +++ b//Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.md @@ -65 +65 @@ All inbound DNS queries from your network pass through this VPC on the way to Re -The ID of one or more security groups that you want to use to control access to this VPC. The security group that you specify must include one or more inbound rules. Inbound rules must allow TCP and UDP access on port 53. You can't change this value after you create the endpoint. +The ID of one or more security groups that you want to use to control access to this VPC. The security group that you specify must include one or more inbound rules. Inbound rules must allow TCP and UDP access on port 53. If you are using the DoH protocol, you will also have to allow port 443 in security group.You can't change this value after you create the endpoint.