Microsoft Will Bring DNS Over HTTPS (DoH) to Windows

Microsoft this week revealed plans to adopt DNS over HTTPS (DoH) in Windows 10 in an attempt to keep user traffic as private as possible.

Already set to arrive in Chrome and Firefox, DoH support in Windows means encrypted DNS queries, which essentially ends the plain-text transmission of domain names in common web traffic and should result in a more secure overall Internet ecosystem.

DNS encryption, Microsoft says, doesn’t require DNS centralization if adoption is broad among operating systems and Internet service providers alike.

While aiming to ensure that encrypted DNS support doesn’t break existing device admin configurations, Microsoft says that Windows DNS should be as private and functional as possible by default, and that users and administrators should be able to easily access DNS settings for increased control over their privacy.

Furthermore, the company notes that Windows users and administrators should be able to improve their DNS configuration quickly and easily, without specialized knowledge, and that they need to explicitly allow fallback to unencrypted DNS once Windows has been configured.

“As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we’re open to having other options such as DNS over TLS (DoT) in the future. For now, we’re prioritizing DoH support as the most likely to provide immediate value to everyone,” Microsoft says.

DoH, the tech giant points out, allows it to reuse its existing HTTPS infrastructure, and the first step toward adopting the protocol is to use DoH for the DNS servers that Windows is already configured to use.

Several public DNS servers already support DoH and Windows could automatically upgrade to DoH when using them.

One of the main benefits of this approach, Microsoft says, is that there will be no changes made to which DNS server Windows was configured to use by the user or network. This should not affect content filtering settings that users or admins have adopted to block specific websites.

It also brings privacy benefits to users and applications even if they do not know about DNS and without requiring action from them. It also means that DoH use will be enforced on server connections, which should surface disruptions ahead of broader rollout.

Next, the company will look for more privacy-friendly ways for users to discover Windows’ DNS settings and to make those settings DoH-aware, so that they can configure DoH servers explicitly.

“With encrypted DNS gaining more attention, we felt it was important to make our intentions clear as early as possible. We don’t want our customers wondering if their trusted platform will adopt modern privacy standards or not,” Microsoft says, adding that DoH has yet to become available to Windows Insiders.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
