CyberTech

Level 32
Verified
Microsoft has shipped a new Windows 10 preview build to users enrolled in the Windows Insider program, and the company has included a highly-anticipated new feature.

It’s DNS over HTTPS, a security feature that has long been requested to be added to Windows 10 and which Microsoft is now testing with help from Windows insiders before bringing it to production devices at some point in the future.

“If you have been waiting to try DNS over HTTPS (DoH) on Windows 10, you're in luck: the first testable version is now available to Windows Insiders! If you haven’t been waiting for it, and are wondering what DoH is all about, then be aware this feature will change how your device connects to the Internet and is in an early testing stage so only proceed if you’re sure you’re ready,” Microsoft explains.

SeriousHoax

Level 30
Verified
Malware Tester
Support for the DNS-over-HTTPS protocol has landed this week in Windows Insiders, Microsoft's experimental version of Windows, where the company tests new features before making them broadly available.

Current Windows 10 Insiders Fast Ring distributions now include a DNS-over-HTTPS (DoH) client.

When activated, this new DoH client will allow the Windows OS to use the DoH protocol instead of classic DNS when connecting to the internet and when resolving web domains.

Instead of sending the request in cleartext to a DNS server over port 53, DoH takes the request, encrypts it, and sends it as regular HTTPS traffic via port 443. In other words, DoH effectively hides DNS inside regular HTTPS traffic.
Read the full article here
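To make the "hides DNS inside regular HTTPS traffic" point concrete, here is an added example (not code from the article, the forum post, or Microsoft) that builds the two message layers a DoH client actually sends per RFC 8484: the ordinary RFC 1035 wire-format DNS query, and the HTTP GET or POST that carries it to a resolver's `/dns-query` endpoint. Everything is constructed in memory; the resolver hostname `doh.example` and the answer `192.0.2.1` are placeholder values and no packet is sent. On a real network, only the TLS session to port 443 is visible, which is why anything that inspects or filters port 53 never sees the query.

```python
"""Added example: what a DNS-over-HTTPS exchange carries on the wire (RFC 8484).
Constructed messages only; nothing here touches the network."""
import base64
import struct

DOH_PATH = "/dns-query"  # well-known path most public DoH resolvers serve


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a DNS query in RFC 1035 wire format (qtype 1 = A record).
    RFC 8484 recommends transaction id 0 so identical queries are cacheable."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    return header + question


def doh_get_request(query: bytes, host: str) -> str:
    """GET form: the query travels base64url-encoded, unpadded, in ?dns=."""
    dns_param = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return (f"GET {DOH_PATH}?dns={dns_param} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Accept: application/dns-message\r\n\r\n")


def doh_post_request(query: bytes, host: str) -> bytes:
    """POST form: the raw wire-format query is the HTTP body."""
    head = (f"POST {DOH_PATH} HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/dns-message\r\n"
            "Accept: application/dns-message\r\n"
            f"Content-Length: {len(query)}\r\n\r\n").encode("ascii")
    return head + query


def parse_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    parts, jumped, end = [], False, off
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # two-byte compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if ln == 0:
            if not jumped:
                end = off
            break
        parts.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(parts), end


def parse_a_answers(msg: bytes):
    """Return the IPv4 addresses in the answer section of a DNS message."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question entries
        _, off = parse_name(msg, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = parse_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs


def constructed_response(query: bytes, ip: str) -> bytes:
    """Build the answer a resolver would return for `query` (constructed for
    this example). The answer name is a pointer back to the question at 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + query[12:] + answer


if __name__ == "__main__":
    q = build_query("example.com")
    print(doh_get_request(q, "doh.example"))
    print(parse_a_answers(constructed_response(q, "192.0.2.1")))
```

The same bytes that `build_query` produces are what a classic resolver receives in a UDP datagram on port 53; the only difference with DoH is the HTTP framing and the TLS session wrapped around it.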

TairikuOkami

Level 28
Verified
Content Creator
But why does it have to be routed through DNS Cache? I would expect it to be deprecated, it is not like common users need it these days. If it needs a standalone service, fine but not this. Still, I expect, it will suffer from the same issue as simplednscrypt, all DNS traffic will be allowed, malware included.

geminis3

Level 15
Verified
Malware Tester
But why does it have to be routed through DNS Cache? I would expect it to be deprecated, it is not like common users need it these days. If it needs a standalone service, fine but not this. Still, I expect, it will suffer from the same issue as simplednscrypt, all DNS traffic will be allowed, malware included.
So in that case, it's better to do DoH at the network level?

blackice

Level 28
Verified
Which router/DNS provider do you use?
I use a Gryphon router, which uses ESET's blocklist. However, their third party DNS implementation is broken. And they don't offer DoT, or DoH. I used to use an ASUS router with Merlin firmware, and implemented DoT. I'm starting to miss it, except the security holes that pop up constantly, which the Gryphon doesn't have.