Microsoft Brings DNS Over HTTPS to Windows 10

CyberTech

Microsoft has shipped a new Windows 10 preview build to users enrolled in the Windows Insider program, and the company has included a highly-anticipated new feature.

It’s DNS over HTTPS, a security feature that has long been requested to be added to Windows 10 and which Microsoft is now testing with help from Windows insiders before bringing it to production devices at some point in the future.

“If you have been waiting to try DNS over HTTPS (DoH) on Windows 10, you're in luck: the first testable version is now available to Windows Insiders! If you haven’t been waiting for it, and are wondering what DoH is all about, then be aware this feature will change how your device connects to the Internet and is in an early testing stage so only proceed if you’re sure you’re ready,” Microsoft explains.
 

SeriousHoax

Support for the DNS-over-HTTPS protocol has landed this week in Windows Insiders, Microsoft's experimental version of Windows, where the company tests new features before making them broadly available.

Current Windows 10 Insiders Fast Ring distributions now include a DNS-over-HTTPS (DoH) client.

When activated, this new DoH client will allow the Windows OS to use the DoH protocol instead of classic DNS when connecting to the internet and when resolving web domains.

Instead of sending the request in cleartext to a DNS server over port 53, DoH takes the request, encrypts it, and sends it as regular HTTPS traffic via port 443. In other words, DoH effectively hides DNS inside regular HTTPS traffic.
Read the full article here
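To make the port 53 versus port 443 difference concrete, here is an added example (not part of the thread, the quoted article, or Microsoft's client) that builds one DNS query and shows how RFC 8484 carries the same bytes in an HTTPS GET request. It covers the wire format only and opens no sockets; the function names and the `/dns-query` path default are illustrative.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """RFC 1035 query: 12-byte header, QNAME labels, QTYPE, QCLASS=IN."""
    # Flags 0x0100 = recursion desired; one question, no other records.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def doh_get_target(query: bytes, path: str = "/dns-query") -> str:
    """RFC 8484 GET form: base64url of the DNS message, padding stripped."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{path}?dns={b64}"

def decode_doh_param(target: str) -> bytes:
    """Recover the DNS message from a request target (what the resolver does)."""
    b64 = target.split("dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

def qname_of(query: bytes) -> str:
    """Read the queried name back out of an uncompressed question section."""
    labels, pos = [], 12  # the question starts right after the header
    while query[pos]:
        length = query[pos]
        labels.append(query[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

if __name__ == "__main__":
    q = build_query("www.example.com")  # constructed sample name
    # Classic DNS: these bytes are the UDP payload on port 53, and the
    # labels "www", "example", "com" are readable to anyone on the path.
    print("port 53 payload:", q.hex())
    # DoH: the same bytes ride in the request target, which is inside the
    # TLS session on port 443, so an on-path observer does not see the name.
    target = doh_get_target(q)
    print("DoH request target:", target)
    print("resolver decodes:", qname_of(decode_doh_param(target)))
```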
 

TairikuOkami

But why does it have to be routed through DNS Cache? I would expect it to be deprecated; it is not like common users need it these days. If it needs a standalone service, fine, but not this. Still, I expect it will suffer from the same issue as Simple DNSCrypt: all DNS traffic will be allowed, malware included.
 

bayasdev

> But why does it have to be routed through DNS Cache? I would expect it to be deprecated; it is not like common users need it these days. If it needs a standalone service, fine, but not this. Still, I expect it will suffer from the same issue as Simple DNSCrypt: all DNS traffic will be allowed, malware included.

So in that case, it's better to do DoH at the network level?
 

blackice

I still like this idea, but it bypasses the DNS web filtering of my router, so I probably won’t use it.
 

blackice

> Which router/DNS provider do you use?

I use a Gryphon router, which uses ESET's blocklist. However, their third-party DNS implementation is broken, and they don't offer DoT or DoH. I used to use an ASUS router with Merlin firmware, and implemented DoT. I'm starting to miss it, except for the security holes that pop up constantly, which the Gryphon doesn't have.
 
