Microsoft Brings DNS Over HTTPS to Windows 10

[CyberTech]

Content source

https://news.softpedia.com/news/microsoft-brings-dns-over-https-to-windows-10-529977.shtml

Microsoft has shipped a new Windows 10 preview build to users enrolled in the Windows Insider program, and the company has included a highly-anticipated new feature.

It’s DNS over HTTPS, a security feature that has long been requested to be added to Windows 10 and which Microsoft is now testing with help from Windows insiders before bringing it to production devices at some point in the future.

“If you have been waiting to try DNS over HTTPS (DoH) on Windows 10, you're in luck: the first testable version is now available to Windows Insiders! If you haven’t been waiting for it, and are wondering what DoH is all about, then be aware this feature will change how your device connects to the Internet and is in an early testing stage so only proceed if you’re sure you’re ready,” Microsoft explains.

 

[SeriousHoax]

Support for the DNS-over-HTTPS protocol has landed this week in Windows Insiders, Microsoft's experimental version of Windows, where the company tests new features before making them broadly available.

Current Windows 10 Insiders Fast Ring distributions now include a DNS-over-HTTPS (DoH) client.

When activated, this new DoH client will allow the Windows OS to use the DoH protocol instead of classic DNS when connecting to the internet and when resolving web domains.

Instead of sending the request in cleartext to a DNS server over port 53, DoH takes the request, encrypts it, and sends it as regular HTTPS traffic via port 443. In other words, DoH effectively hides DNS inside regular HTTPS traffic.

Read the full article here

 

[bayasdev]

Looks like most DNS traffic will be encrypted by the end of this decade, even my router got DoH in the latest beta FW.

Afterall this is good for a healthier internet.

 

[blackice]

Looks like most DNS traffic will be encrypted by the end of this decade, even my router got DoH in the latest beta FW.

Afterall this is good for a healthier internet.

What router do you use?

 

[bayasdev]

What router do you use?

hAP ac² | MikroTik

Dual-Concurrent 2.4/5GHz AP, 802.11a/b/g/n/ac, Five Gigabit Ethernet ports, USB for 3G/4G support, universal tower case and IPsec hardware encryption support

mikrotik.com

 

[TairikuOkami]

But why does it have to be routed through DNS Cache? I would expect it to be deprecated, it is not like common users need it these days. If it needs a standalone service, fine but not this. Still, I expect, it will suffer from the same issue as simplednscrypt, all DNS traffic will be allowed, malware included.

 

[bayasdev]

But why does it have to be routed through DNS Cache? I would expect it to be deprecated, it is not like common users need it these days. If it needs a standalone service, fine but not this. Still, I expect, it will suffer from the same issue as simplednscrypt, all DNS traffic will be allowed, malware included.

So in that case, it's better to do DoH at the network level?

 

[blackice]

I still like this idea, but it bypasses the DNS web filtering of my router, so I probably won’t use it.

 

[bayasdev]

I still like this idea, but it bypasses the DNS web filtering of my router, so I probably won’t use it.

Which router/DNS provider you use?

 

[blackice]

Which router/DNS provider you use?

I use a Gryphon router, which uses ESET's blocklist. However, their third party DNS implementation is broken. And they don't offer DoT, or DoH. I used to use an ASUS router with Merlin firmware, and implemented DoT. I'm starting to miss it, except the security holes that pop up constantly, which the Gryphon doesn't have.