DNS over TLS also on its way to the operating system

Nov 19, 2019 10:28 GMT  ·  By

Microsoft has recently announced that it’s bringing DNS over HTTPS to the Windows DNS client in order to provide users with enhanced privacy.

DNS over HTTPS encrypts the domain name lookups that precede web traffic instead of sending them in plain text, and Microsoft says this is just the first step towards a more secure approach, with DNS over TLS also planned.

“As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we’re open to having other options such as DNS over TLS (DoT) in the future. For now, we're prioritizing DoH support as the most likely to provide immediate value to everyone. For example, DoH allows us to reuse our existing HTTPS infrastructure,” Microsoft engineers Tommy Jensen, Ivan Pashov, and Gabriel Montenegro, explain.

Under the planned implementation of DNS over HTTPS, Microsoft won’t change the DNS server configured in Windows. If that server supports DNS over HTTPS, however, Windows enables the new protocol automatically, without disrupting the user.

Coming to preview builds shortly

On the other hand, the Microsoft engineers explain that Windows users will have to explicitly allow a fallback to classic DNS once encryption is enabled. Without that consent, Windows will not use unencrypted DNS, the company says.

“There are now several public DNS servers that support DoH, and if a Windows user or device admin configures one of them today, Windows will just use classic DNS (without encryption) to that server. However, since these servers and their DoH configurations are well known, Windows can automatically upgrade to DoH while using the same server,” Microsoft’s experts note.
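The behaviour described in the last few paragraphs (keep the configured server, upgrade it to DoH when it is a known DoH server, and fail closed rather than silently downgrade) can be modelled in a few lines. The following is an added example written for this article, not Microsoft's code or Windows' actual logic. It builds a standard DNS wire-format query, wraps it in the RFC 8484 `GET ?dns=` form that DoH sends over ordinary HTTPS, and applies the upgrade/fallback policy. The `KNOWN_DOH_SERVERS` table is a constructed sample and the `doh_reachable` flag stands in for a real connection attempt; the endpoint URLs for the two public resolvers listed are illustrative.

```python
import base64
import secrets
import struct

# Constructed sample table (not Windows' actual list): classic-DNS address of a
# public resolver -> the DoH endpoint the same operator publishes for it.
KNOWN_DOH_SERVERS = {
    "1.1.1.1": "https://cloudflare-dns.com/dns-query",
    "8.8.8.8": "https://dns.google/dns-query",
}

QTYPE_A = 1
QCLASS_IN = 1


def build_dns_query(name, qtype=QTYPE_A, txid=None):
    """Return a standard DNS wire-format query (RFC 1035) for `name`.

    DoH carries exactly this message; only the transport changes, which is
    why an existing HTTPS stack can be reused.
    """
    stripped = name.rstrip(".")
    if not stripped or len(stripped) > 253:
        raise ValueError("invalid name length")
    question = b""
    for label in stripped.split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63: %r" % label)
        question += bytes([len(raw)]) + raw
    question += b"\x00" + struct.pack(">HH", qtype, QCLASS_IN)
    if txid is None:
        txid = secrets.randbelow(0x10000)
    # ID, flags (RD=1 only), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + question


def doh_get_url(endpoint, wire):
    """RFC 8484 GET form: base64url-encoded message, padding removed, in `dns=`."""
    param = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return "%s?dns=%s" % (endpoint, param)


def decode_dns_param(url):
    """Inverse of doh_get_url: recover the wire-format message from the URL."""
    param = url.split("?dns=", 1)[1]
    param += "=" * (-len(param) % 4)  # restore the padding base64url omits
    return base64.urlsafe_b64decode(param)


def choose_transport(configured_server, doh_reachable, allow_plaintext_fallback=False):
    """Policy as the article describes it (hypothetical model, not Windows code).

    Returns a (transport, target) pair:
      - an unknown server is used over classic DNS, unchanged;
      - a known DoH server is upgraded to its HTTPS endpoint;
      - if DoH cannot be reached, plaintext is used only with explicit consent,
        otherwise resolution fails closed rather than downgrading silently.
    """
    endpoint = KNOWN_DOH_SERVERS.get(configured_server)
    if endpoint is None:
        return ("classic", configured_server)
    if doh_reachable:
        return ("doh", endpoint)
    if allow_plaintext_fallback:
        return ("classic", configured_server)
    return ("fail-closed", None)


if __name__ == "__main__":
    transport, target = choose_transport("1.1.1.1", doh_reachable=True)
    wire = build_dns_query("example.com")
    if transport == "doh":
        print("GET", doh_get_url(target, wire))
    else:
        print(transport, target)
```

Running the block prints the DoH GET request a client would send for `example.com` to the sample resolver; the decoded `dns=` parameter is byte-for-byte the same query that classic DNS would put in a UDP packet.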

DNS over HTTPS will be first implemented in preview builds of Windows that are released as part of the Windows Insider program. It should then make its way to production devices, possibly as part of the 20H1 Windows 10 feature update in the spring of 2020.