Windows 10 is getting Encrypted DNS (DNS over HTTPS)

Sushubh

Creator of new threads from offtopic posts
Staff member
Messages
396,796
Location
Gurugram
ISP
Excitel
Airtel
Windows will improve user privacy with DNS over HTTPS - Microsoft Tech Community - 1014229

We will not be making any changes to which DNS server Windows was configured to use by the user or network. Today, users and admins decide what DNS server to use by picking the network they join or specifying the server directly; this milestone won’t change anything about that. Many people use ISP or public DNS content filtering to do things like block offensive websites. Silently changing the DNS servers trusted to do Windows resolutions could inadvertently bypass these controls and frustrate our users. We believe device administrators have the right to control where their DNS traffic goes.
Many users and applications that want privacy will start getting the benefits without having to know about DNS. In line with principle 1, the DNS queries become more private with no action from either apps or users. When both endpoints support encryption, there’s no reason to wait around for permission to use encryption!
We can start seeing the challenges in enforcing the line on preferring resolution failure to unencrypted fallback. In line with principle 4, this DoH use will be enforced so that a server confirmed by Windows to support DoH will not be consulted via classic DNS. If this preference for privacy over functionality causes any disruption in common web scenarios, we’ll find out early.
Based on these principles, we are making plans to adopt DNS over HTTPS (or DoH) in the Windows DNS client. As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we’re open to having other options such as DNS over TLS (DoT) in the future. For now, we're prioritizing DoH support as the most likely to provide immediate value to everyone. For example, DoH allows us to reuse our existing HTTPS infrastructure.
For our first milestone, we'll start with a simple change: use DoH for DNS servers Windows is already configured to use. There are now several public DNS servers that support DoH, and if a Windows user or device admin configures one of them today, Windows will just use classic DNS (without encryption) to that server. However, since these servers and their DoH configurations are well known, Windows can automatically upgrade to DoH while using the same server.
 

vishalrao

The Global Village Idiot
Messages
5,299
Location
Pune
ISP
BSNL FTTH 100 mbps plan 1277
which browser? maybe it's the browser that is updated? i don't think Windows 10 has gotten this update yet. showing DoH enabled for me too.
 


Sushubh

checked in multiple browsers. chrome would have used dns.google instead of cloudflare doh.
 

Sushubh

so only chrome shows doh enabled right now. i have chrome://flags/#dns-over-https enabled. i wonder if this is responsible.
 


Sushubh

Browser should follow system's DNS system in any case. Edge could get it through either Chrome, which they use as base, or Windows in coming months.
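The upgrade behaviour quoted in the first post (same configured server, DoH instead of classic DNS, and no unencrypted fallback once the server is known to support DoH), sketched as an added example that is not part of the thread and not Microsoft's code. The resolver map, the `plan` function and the `doh_reachable` flag are assumptions made for illustration; the query encoding follows RFC 8484.

```python
import base64
import struct

# Assumption: a small illustrative map of well-known public resolvers to their
# DoH URI templates. This is not Windows' internal list.
KNOWN_DOH = {
    "1.1.1.1": "https://cloudflare-dns.com/dns-query",
    "8.8.8.8": "https://dns.google/dns-query",
    "9.9.9.9": "https://dns.quad9.net/dns-query",
}


def build_query(name, qtype=1):
    """Build a DNS wire-format question (ID 0, RD set, class IN)."""
    header = struct.pack(">HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)


def doh_get_url(template, name, qtype=1):
    """RFC 8484 GET form: base64url of the wire query, padding stripped."""
    b64 = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return f"{template}?dns={b64.decode('ascii')}"


def plan(server_ip, name, doh_reachable=True):
    """Decide the transport for one lookup against the configured server."""
    template = KNOWN_DOH.get(server_ip)
    if template is None:
        # Server not known to support DoH: behaviour is unchanged.
        return ("classic", f"{server_ip}:53")
    if not doh_reachable:
        # Known DoH server: prefer resolution failure over classic fallback.
        return ("fail", None)
    return ("doh", doh_get_url(template, name))


if __name__ == "__main__":
    # Constructed sample inputs: two configured resolvers, one blocked DoH path.
    for ip, ok in [("8.8.8.8", True), ("192.168.1.1", True), ("1.1.1.1", False)]:
        print(ip, plan(ip, "www.example.com", doh_reachable=ok))
```

The third sample case is the one worth watching on a filtered network: a configured resolver in the known list with port 443 blocked yields a failed lookup, not a silent return to port 53.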
 