Microsoft this week revealed plans to adopt DNS over HTTPS (DoH) in Windows 10 in an attempt to keep user traffic as private as possible.
Already set to arrive in Chrome and Firefox, DoH support in Windows means encrypted DNS queries, which essentially eliminates plain-text domain name transmissions in common web traffic and should result in a more secure overall Internet ecosystem.
DNS encryption, Microsoft says, doesn’t require DNS centralization if adoption is broad among operating systems and Internet service providers alike.
While aiming to ensure that encrypted DNS support doesn’t break existing device admin configurations, Microsoft says that Windows DNS should be as private and functional as possible by default, and that users and administrators should be able to easily access DNS settings for increased control over their privacy.
Furthermore, the company notes that Windows users and administrators should be able to improve their DNS configuration quickly and easily, without specialized knowledge, and that they need to explicitly allow fallback to unencrypted DNS once Windows has been configured.
“As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we’re open to having other options such as DNS over TLS (DoT) in the future. For now, we’re prioritizing DoH support as the most likely to provide immediate value to everyone,” Microsoft says.
DoH, the tech giant points out, allows it to reuse its existing HTTPS infrastructure, and the first step toward adopting the protocol is to use DoH for the DNS servers that Windows is already configured to use.
Several public DNS servers already support DoH and Windows could automatically upgrade to DoH when using them.
One of the main benefits of this approach, Microsoft says, is that there will be no changes made to which DNS server Windows was configured to use by the user or network. This should not affect content filtering settings that users or admins have adopted to block specific websites.
It also brings privacy benefits to users and applications even if they do not know about DNS and without requiring action from them. It also means that DoH use will be enforced on server connections, which should surface disruptions ahead of broader rollout.
Next, the company will look for more privacy-friendly ways for users to discover Windows’ DNS settings and to make those settings DoH-aware, so that they can configure DoH servers explicitly.
“With encrypted DNS gaining more attention, we felt it was important to make our intentions clear as early as possible. We don’t want our customers wondering if their trusted platform will adopt modern privacy standards or not,” Microsoft says, adding that DoH has yet to become available to Windows Insiders.
