October 2, 2023

Support for the DNS-over-HTTPS (DoH) protocol landed this week in Windows Insider builds, the preview versions of Windows where Microsoft tests new features before making them broadly available.

When enabled, the new DoH client lets the Windows OS itself resolve domain names over DoH instead of classic, unencrypted DNS, for every application on the system.

The move responds to rising public interest in using DoH in place of plain DNS. Browsers such as Chrome and Firefox have already shipped their own DoH support.

Historically, the operating system has owned DNS settings. Browsers that add their own DoH clients bypass the OS resolver, and recent history shows this to be a headache: lookups no longer follow the DNS servers and filtering that network administrators configure. By building a DoH client into Windows, Microsoft brings that control back to the OS level. This benefits not only administrators of large corporate networks but also home users, who gain DoH's privacy protections for every application, not just those that implement DoH themselves (as Chrome and Firefox now do).

DoH is widely viewed as a win for user privacy. It takes an ordinary DNS query for a domain name and hides it from anyone watching the network.

Instead of sending the query in cleartext to a DNS server on port 53, a DoH client encrypts it and sends it as ordinary HTTPS traffic on port 443. The DNS message itself is unchanged; it simply travels as the body of an HTTPS request inside a TLS connection, so on the wire a DoH lookup looks like any other HTTPS connection to that server.

DNS servers that accept DoH traffic are called DoH resolvers. A DoH resolver exposes an HTTPS endpoint that receives the request, decrypts it, resolves the name through the normal DNS hierarchy, and returns the answer over the same HTTPS connection, hence the name DNS-over-HTTPS. One caveat: the encryption protects the query from observers on the network path (the local network, the ISP), not from the resolver operator, who still sees every lookup in the clear. DoH moves trust from the network to whoever runs the resolver.
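To make "DNS inside HTTPS" concrete, here is an added example (not code from the article or from Microsoft's DoH client) that builds a standard DNS query, shows the two request shapes RFC 8484 defines for carrying it over HTTPS, and parses a response. The resolver template https://doh.example/dns-query is a placeholder, and the response bytes with their 192.0.2.1 answer are constructed for the example, not captured from a real resolver.

```powershell
# Added example, not code from the article or from Microsoft's DoH client.
# The DNS message is the ordinary port-53 wire format; DoH only changes the transport.
# https://doh.example/dns-query is a placeholder template; the response below is constructed.

function New-DnsQuery {
    param(
        [Parameter(Mandatory)][string]$Name,
        [ValidateSet('A', 'AAAA')][string]$Type = 'A'
    )
    # Header: ID 0 (RFC 8484 recommends 0 so equal queries are cache-friendly), flags 0x0100 (RD),
    # QDCOUNT 1, ANCOUNT/NSCOUNT/ARCOUNT 0.
    $header = [byte[]](0x00,0x00, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00)
    $qname  = [System.Collections.Generic.List[byte]]::new()
    foreach ($label in $Name.TrimEnd('.').Split('.')) {
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($label)
        $qname.Add([byte]$bytes.Length)      # each label is length-prefixed
        $qname.AddRange($bytes)
    }
    $qname.Add(0)                            # zero-length root label ends the name
    $qtype = if ($Type -eq 'AAAA') { 28 } else { 1 }
    $tail  = [byte[]](0x00, $qtype, 0x00, 0x01)   # QTYPE, QCLASS = IN
    return [byte[]]($header + $qname.ToArray() + $tail)
}

function ConvertTo-Base64Url {
    param([byte[]]$Bytes)
    # Unpadded base64url (RFC 4648 section 5), which RFC 8484 requires for the GET form.
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-DohRequest {
    param([string]$Template, [byte[]]$Query)
    # Both forms carry identical bytes. GET is cacheable by HTTP caches; POST avoids long URLs.
    # To actually send the POST form:
    #   Invoke-WebRequest -Uri $Template -Method Post -ContentType 'application/dns-message' `
    #       -Headers @{ Accept = 'application/dns-message' } -Body $Query
    [pscustomobject]@{
        GetUri   = "$Template?dns=$(ConvertTo-Base64Url -Bytes $Query)"
        PostUri  = $Template
        PostBody = $Query
        Accept   = 'application/dns-message'
    }
}

function Read-DnsName {
    param([byte[]]$Msg, [int]$Offset)
    # Returns the decoded name and the offset just past it in the original stream;
    # follows RFC 1035 compression pointers (top two bits set).
    $labels = @(); $jumped = $false; $next = $Offset
    while ($true) {
        $len = $Msg[$Offset]
        if ($len -eq 0) { $Offset++; break }
        if (($len -band 0xC0) -eq 0xC0) {
            if (-not $jumped) { $next = $Offset + 2 }
            $Offset = (($len -band 0x3F) -shl 8) -bor $Msg[$Offset + 1]
            $jumped = $true
            continue
        }
        $labels += [System.Text.Encoding]::ASCII.GetString($Msg, $Offset + 1, $len)
        $Offset += 1 + $len
    }
    if (-not $jumped) { $next = $Offset }
    return ($labels -join '.'), $next
}

function Read-DnsAnswers {
    param([byte[]]$Msg)
    $qdcount = ($Msg[4] -shl 8) -bor $Msg[5]
    $ancount = ($Msg[6] -shl 8) -bor $Msg[7]
    $pos = 12
    for ($i = 0; $i -lt $qdcount; $i++) { $null, $pos = Read-DnsName $Msg $pos; $pos += 4 }  # skip QTYPE, QCLASS
    for ($i = 0; $i -lt $ancount; $i++) {
        $name, $pos = Read-DnsName $Msg $pos
        $type  = ($Msg[$pos] -shl 8) -bor $Msg[$pos + 1]
        $ttl   = ([uint32]$Msg[$pos + 4] -shl 24) -bor ($Msg[$pos + 5] -shl 16) -bor ($Msg[$pos + 6] -shl 8) -bor $Msg[$pos + 7]
        $rdlen = ($Msg[$pos + 8] -shl 8) -bor $Msg[$pos + 9]
        $pos  += 10
        [byte[]]$rdata = $Msg[$pos..($pos + $rdlen - 1)]
        $pos  += $rdlen
        $data = switch ($type) {
            1       { $rdata -join '.' }                                  # A
            28      { [System.Net.IPAddress]::new($rdata).ToString() }    # AAAA
            default { ($rdata | ForEach-Object { $_.ToString('x2') }) -join '' }
        }
        [pscustomobject]@{ Name = $name; Type = $type; TTL = $ttl; Data = $data }
    }
}

# Constructed response for example.com/A: flags 0x8180 (QR, RD, RA), one question echoed,
# one answer whose name is a pointer (0xC00C) to offset 12, TTL 3600, A 192.0.2.1 (TEST-NET-1).
$sampleResponse = [byte[]](
    0x00,0x00, 0x81,0x80, 0x00,0x01, 0x00,0x01, 0x00,0x00, 0x00,0x00,
    0x07,0x65,0x78,0x61,0x6D,0x70,0x6C,0x65, 0x03,0x63,0x6F,0x6D, 0x00, 0x00,0x01, 0x00,0x01,
    0xC0,0x0C, 0x00,0x01, 0x00,0x01, 0x00,0x00,0x0E,0x10, 0x00,0x04, 0xC0,0x00,0x02,0x01
)

$query = New-DnsQuery -Name 'example.com' -Type A
Get-DohRequest -Template 'https://doh.example/dns-query' -Query $query | Format-List GetUri, PostUri, Accept
Read-DnsAnswers -Msg $sampleResponse | Format-Table
```

The point of the example is that nothing DNS-specific changes: the same bytes a stub resolver would put in a UDP datagram become a query string parameter or a POST body with the `application/dns-message` media type, and the only thing an on-path observer sees is a TLS connection to the resolver on port 443.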

Last year, Microsoft said that its end goal for the Windows DoH client is to migrate users from DNS to DoH without the user having to change any DNS settings. Windows would do this by automatically detecting whether the DNS servers already configured on the system also offer a DoH interface.

If the DoH client is enabled, Windows uses that DoH interface and falls back to classic DNS when the DoH interface is unavailable or not responding. The fallback keeps name resolution working, but it also means that anyone able to block the HTTPS path to the resolver can push the client back onto unencrypted DNS.

The DoH client that shipped this week in Windows 10 Insider Fast Ring builds recognises only three DoH resolvers for now (Cloudflare, Google, Quad9). The restriction applies to the testing phase; the automatic upgrade is intended to work with other resolvers by the time the feature reaches a stable Windows release.
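As an added example (not from the article or from Microsoft), the following PowerShell enables the client and closes the downgrade path described above by registering the three resolvers the article names with UDP fallback disabled. Assumptions: the EnableAutoDoh registry value is the switch Microsoft documented for enabling the feature on the 2020 Insider builds, while the DnsClient DoH cmdlets (Add-/Set-/Get-DnsClientDohServerAddress) arrived later in Windows 11 and Windows Server 2022, so only the registry step applies to the build the article describes; the addresses and templates are the resolvers' public ones.

```powershell
# Added example, not code from the article or from Microsoft. Run from an elevated prompt.
# Assumptions: EnableAutoDoh=2 is the Insider-build switch; the *-DnsClientDohServerAddress
# cmdlets exist on Windows 11 / Windows Server 2022, not on the 2020 Insider build itself.

# 1. Insider-build switch: tells the DNS Client service to auto-upgrade known resolvers to DoH.
$dnscache = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
New-ItemProperty -Path $dnscache -Name 'EnableAutoDoh' -PropertyType DWord -Value 2 -Force | Out-Null

# 2. The three resolvers the Insider client knows, with their public DoH templates.
$resolvers = @(
    @{ Address = '1.1.1.1'; Template = 'https://cloudflare-dns.com/dns-query' }
    @{ Address = '8.8.8.8'; Template = 'https://dns.google/dns-query' }
    @{ Address = '9.9.9.9'; Template = 'https://dns.quad9.net/dns-query' }
)

# 3. Register (or update) each with AllowFallbackToUdp off: if the HTTPS path is blocked,
#    the lookup fails instead of silently going out on 53/udp, which is the downgrade
#    the default fallback permits.
foreach ($r in $resolvers) {
    $existing = Get-DnsClientDohServerAddress -ServerAddress $r.Address -ErrorAction SilentlyContinue
    $cmd = if ($existing) { 'Set-DnsClientDohServerAddress' } else { 'Add-DnsClientDohServerAddress' }
    & $cmd -ServerAddress $r.Address -DohTemplate $r.Template -AllowFallbackToUdp $false -AutoUpgrade $true
}

# 4. Point the active adapter at one of them so the auto-upgrade actually applies.
$ifIndex = (Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1).ifIndex
Set-DnsClientServerAddress -InterfaceIndex $ifIndex -ServerAddresses '1.1.1.1'

# 5. Audit: returns $true only if no registered DoH server still permits plaintext fallback.
function Test-DohNoFallback {
    $leaky = Get-DnsClientDohServerAddress | Where-Object { $_.AllowFallbackToUdp }
    if ($leaky) {
        $leaky | Format-Table ServerAddress, DohTemplate, AllowFallbackToUdp, AutoUpgrade
        return $false
    }
    return $true
}

Clear-DnsClientCache
Resolve-DnsName example.com -Type A    # with fallback off, a capture filtered on udp port 53 stays empty
Test-DohNoFallback
```

Test-DohNoFallback lists the offending entries and returns $false when any registered server still allows fallback, which is the state the article's default behaviour leaves you in. On Windows 11 the per-adapter DoH mode (encrypted-preferred versus encrypted-only) is a separate setting; the cmdlets above govern the auto-upgrade list that the article describes.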
