Microsoft to add DNS over HTTPS to Windows 10 to boost users' privacy

DNS over HTTPS encrypts DNS traffic - hiding users' web surfing from ISPs

Microsoft is planning to incorporate encrypted DNS resolution services (DNS-over-HTTPS or DoH) into Windows 10 in an effort to boost end-to-end security for users.

"We are making plans to adopt DNS over HTTPS in the Windows DNS client," Windows Core Networking engineers Gabriel Montenegro, Ivan Pasho and Tommy Jensen revealed in a blog post.

"As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we're open to having other options such as DNS over TLS (DoT) in the future," they added.

DoH carries out domain name system (DNS) resolution over the encrypted HTTPS protocol.

Currently, when a user enters a URL into a browser, an unencrypted DNS query is sent to a name server to match the domain to an IP address. Since this query is not encrypted, it can be viewed at every point where the data is handled, for example by the user's ISP.

In contrast, DoH works by encrypting DNS traffic, and requiring authentication of the server. This limits malicious actors' ability to read or hijack browser traffic or divert it to rogue servers.
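As an added illustration (not code from Microsoft or from this article), the Python sketch below builds the same DNS question that would travel in cleartext over port 53 and wraps it the way RFC 8484, the DoH specification, prescribes for GET and POST requests. The resolver URL `https://doh.example/dns-query` is a placeholder, and the function names are chosen for this example.

```python
import base64
import struct

DOH_ENDPOINT = "https://doh.example/dns-query"  # placeholder resolver URL (assumption)

def build_query(name, qtype=1):
    """Encode a standard DNS query (qtype 1 = A) in RFC 1035 wire format."""
    # Header: ID=0 (RFC 8484 recommends 0 so HTTP caches can match), RD=1, QDCOUNT=1
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")  # ASCII host names assumed in this example
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def doh_get_url(name, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: base64url of the wire query, padding stripped."""
    b64 = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

def doh_post_request(name):
    """RFC 8484 POST form: the raw wire query is the HTTPS request body."""
    headers = {"Content-Type": "application/dns-message",
               "Accept": "application/dns-message"}
    return headers, build_query(name)

def decode_qname(query):
    """Recover the queried name from a wire-format query, as an on-path
    observer of unencrypted DNS could."""
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while query[pos] != 0:
        length = query[pos]
        labels.append(query[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

if __name__ == "__main__":
    wire = build_query("www.example.com")
    print("cleartext DNS payload reveals:", decode_qname(wire))
    print("DoH GET, sent inside TLS:", doh_get_url("www.example.com"))
```

The DNS message is identical in both cases; with DoH it is only visible to the resolver that terminates the TLS session, which is why the server's certificate check matters as much as the encryption.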

In September, Mozilla announced that its Firefox browser would start offering a DoH service, with Cloudflare as the DNS provider. Google is also currently experimenting with DoH in version 78 of its Chrome browser, which was released in September.

Despite its benefits, DoH has also been met with criticism from ISPs, security vendors and enterprise administrators, who argue that encryption of queries will make it impossible to filter undesirable content.

In June, the UK's Internet Watch Foundation (IWF) warned that DoH encryption would endanger children's online safety by making it harder to block child-abuse images on the web.

Microsoft will start implementing DoH in Windows 10 by automatically encrypting DNS queries for users, provided their DNS resolvers support encryption over HTTPS.

The company says it won't change the DNS servers on any Windows 10 devices, and only users and admins will select the DNS servers they want to use to resolve their DNS queries.

Many users and applications seeking privacy will start getting the benefits without a need to know about DNS, according to Microsoft. In future, Windows 10 users/admins will also be able to set up DoH servers using a dedicated interface within the Windows DNS settings.