Microsoft adds DNS over HTTPS support for Windows Insiders

David Matthews

Posts: 363   +70
Staff member

Microsoft is adding support for the DNS over HTTPS (DoH) protocol for Windows Insiders in the Fast Ring. This is the highly experimental version of Windows that allows users to test out new features before broader adoption by everyone else.

As avid TechSpot readers likely know, DNS stands for Domain Name Service and involves translating human-readable URLs to IP addresses. Unfortunately, while most web traffic is encrypted using HTTPS, DNS queries are not. DoH fixes this by encrypting the DNS traffic using HTTPS.

Specifically, special DNS servers called DoH resolvers process regular HTTPS traffic, decrypt the DNS request, and forward it to a regular DNS system. The resulting translation gets sent back to the user over HTTPS.

Mozilla has already enabled DoH in Firefox while Google is testing the feature on Chromium. In fact, you can enable it now by turning on the flag in chrome://flags or edge://flags. However, enabling DoH at the browser level introduces problems for enterprise customers and still doesn't address other non-browser apps that use DNS.

By baking in DoH support at the operating system level, Microsoft will help system administrators better filter DNS requests while also enhancing privacy for regular consumers. The company detailed why Windows needed DoH back in November, emphasizing that privacy is a human right and that cybersecurity should be "built into technology."

If you are part of the Windows Insider Program and don't mind altering your Windows registry, follow the steps here to activate DoH.


 

brucek

Posts: 340   +395
This seems fine and all, but doesn't your ISP's routers still need to see the address you want to connect to, and won't they just do a reverse DNS on those addresses anyway?
 

jobeard

Posts: 13,830   +1,749
The Name vs IP resolution is totally in the DNS, but once so resolved, the ISP gateway router sends the request to the next hop. This should be via the routing table without examination, but one can never be sure.
 

Danny101

Posts: 1,292   +513
This seems fine and all, but doesn't your ISP's routers still need to see the address you want to connect to, and won't they just do a reverse DNS on those addresses anyway?
Probably a placebo effect anyway.
 
