DNS and security have a long sometimes adverse relationship. The last decade was mostly securing the authenticity of DNS data with DNSSEC. After several tries it got slow operator uptake even as new attacks on the DNS were discovered. After the 2014 Snowden revelations the focus shifted to securing the DNS transport channel. The formation of the IETF dprive working group brought fresh ideas and people into the DNS community and resulted in the release of DNS over TLS (RFC 7858) followed by the doh working group releasing DNS over HTTPs (RFC 8484). We’ve always had documentation or problems with definitional scope with new standards and in this case there will be a need for new operational practices. This talk will describe issues we’re likely to encounter and discuss ways we might deal with them (or not!) in the future.