Security Experts:

Microsoft Will Bring DNS Over HTTPS (DoH) to Windows

Microsoft this week revealed plans to adopt DNS over HTTPS (DoH) in Windows 10 in an attempt to keep user traffic as private as possible.

Already set to arrive in Chrome and Firefox, DoH support in Windows means encrypted DNS queries, which essentially closes plain-text domain name transmissions in common web traffic and should result in a more secure overall Internet ecosystem.

DNS encryption, Microsoft says, doesn’t require DNS centralization if adoption is broad among operating systems and Internet service providers alike.

While aiming at ensuring encrypted DNS support doesn’t break existing device admin configurations, Microsoft says that Windows DNS should be as private and functional as possible by default and that users and administrators should be able to easily access DNS settings for increased control over their privacy.

Furthermore, the company notes that Windows users and administrators should be able to improve DNS configuration fast and easy, without specialized knowledge, and that they need to explicitly allow fallback to unencrypted DNS once Windows has been configured.

“As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we’re open to having other options such as DNS over TLS (DoT) in the future. For now, we're prioritizing DoH support as the most likely to provide immediate value to everyone,” Microsoft says.

DoH, the tech giant points out, allows it to reuse its existing HTTPS infrastructure, and the first step toward adopting the protocol is to use DoH for the DNS servers that Windows is already configured to use.

Several public DNS servers already support DoH and Windows could automatically upgrade to DoH when using them.

One of the main benefits of this approach, Microsoft says, is that there will be no changes made to which DNS server Windows was configured to use by the user or network. This should not affect content filtering settings that users or admins have adopted to block specific websites.

It also brings privacy benefits to users and applications even if they do not know about DNS and without requiring action from them. It also means that DoH use will be enforced on server connections, which should surface disruptions ahead of broader rollout.

Next, the company will look for more privacy-friendly ways for users to discover Windows’ DNS settings and to make those settings DoH-aware, so that they could configure DoH servers explicitly.

“With encrypted DNS gaining more attention, we felt it was important to make our intentions clear as early as possible. We don’t want our customers wondering if their trusted platform will adopt modern privacy standards or not,” Microsoft says, adding that DoH has yet to become available to Windows Insiders.

Related: Google Makes DNS Over HTTPS Generally Available

Related: DNS-over-HTTPS Coming to Firefox

Related: DNS-over-HTTPS Coming to Chrome 78

view counter