
Microsoft Will Bring DNS Over HTTPS (DoH) to Windows

Microsoft this week revealed plans to adopt DNS over HTTPS (DoH) in Windows 10 in an attempt to keep user traffic as private as possible.


Already set to arrive in Chrome and Firefox, DoH support in Windows means encrypted DNS queries, which essentially eliminates plain-text domain name transmissions in common web traffic and should result in a more secure overall Internet ecosystem.

DNS encryption, Microsoft says, doesn’t require DNS centralization if adoption is broad among operating systems and Internet service providers alike.

While aiming to ensure that encrypted DNS support doesn’t break existing device admin configurations, Microsoft says that Windows DNS should be as private and functional as possible by default and that users and administrators should be able to easily access DNS settings for increased control over their privacy.

Furthermore, the company notes that Windows users and administrators should be able to improve DNS configuration quickly and easily, without specialized knowledge, and that they need to explicitly allow fallback to unencrypted DNS once Windows has been configured.

“As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we’re open to having other options such as DNS over TLS (DoT) in the future. For now, we’re prioritizing DoH support as the most likely to provide immediate value to everyone,” Microsoft says.

DoH, the tech giant points out, allows it to reuse its existing HTTPS infrastructure, and the first step toward adopting the protocol is to use DoH for the DNS servers that Windows is already configured to use.

Several public DNS servers already support DoH and Windows could automatically upgrade to DoH when using them.

One of the main benefits of this approach, Microsoft says, is that there will be no changes made to which DNS server Windows was configured to use by the user or network. This should not affect content filtering settings that users or admins have adopted to block specific websites.

It also brings privacy benefits to users and applications even if they do not know about DNS and without requiring action from them. It also means that DoH use will be enforced on server connections, which should surface disruptions ahead of broader rollout.

Next, the company will look for more privacy-friendly ways for users to discover Windows’ DNS settings and to make those settings DoH-aware, so that they can configure DoH servers explicitly.

“With encrypted DNS gaining more attention, we felt it was important to make our intentions clear as early as possible. We don’t want our customers wondering if their trusted platform will adopt modern privacy standards or not,” Microsoft says, adding that DoH has yet to become available to Windows Insiders.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
