Microsoft has enabled DNS over HTTPS in the latest Windows 10 build for the Insider test channel, Build 19628, adding greater security and privacy to the operating system.
DNS over HTTPS (DoH, IETF RFC 8484) can also be built directly into applications, letting each one use its own DNS resolver instead of relying on the operating system's: Mozilla's Firefox already ships it and Google is testing it in Chrome. Still, there is no doubt about its momentum once Microsoft supports it in the most widely used desktop operating system.
DNS over HTTPS is an Internet security protocol that encrypts DNS queries and carries them inside ordinary HTTPS traffic, so ISPs and other on-path observers can no longer read the lookups to learn which websites a client is visiting. Note that it hides the lookup, not the connection that follows: the destination IP address and the TLS server name sent to the web server remain visible. Remember that DNS queries are currently, and in general, sent as plain text over UDP port 53.
Microsoft noted in its announcement that adopting encrypted DNS in Windows will help make the overall Internet ecosystem healthier. Besides the privacy gain, and besides preventing eavesdropping on and tampering with DNS answers through man-in-the-middle attacks, this technology can also improve resolution performance compared with ISP resolvers, which are sometimes very slow.
In countries such as the UK, this privacy technology is strongly opposed by ISPs and security services, as "it would bypass the UK's filtering obligations and parental controls, undermining UK internet security standards," they said. However, Microsoft considers it worth the price, explaining that "they should treat privacy as a human right and have cyber security built into the products," as pro-privacy organizations like the EFF ask.
How to enable DNS over HTTPS in Windows 10
The feature can be enabled in Windows 10 Build 19628 or higher, currently being tested on the Insiders channel, and Microsoft is expected to roll it out to stable versions. To enable it:
Open Registry Editor
Navigate to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
Create a new DWORD (32-bit) value named "EnableAutoDoh"
Set its value to 2
Next, configure the operating system to use a DNS server that supports DoH, such as Google's (8.8.8.8 and 8.8.4.4) or Cloudflare's (1.1.1.1 and 1.0.0.1). In this build Windows only upgrades to DoH for resolvers on its built-in list of known DoH servers, so an arbitrary resolver address will keep using classic DNS. The change is made as with any other DNS setting:
Open the Control Panel and click "Network and Sharing Center".
Next to "Connections:", click the active connection (for example "Ethernet").
Click "Properties", select "Internet Protocol Version 4 (TCP/IPv4)" and click "Properties".
Replace the DNS server addresses with ones that support DNS over HTTPS.
That's it. Once you restart the computer, Windows will start using DoH to talk to these servers instead of classic DNS over port 53, "shutting down one of the last plain text domain name transmissions on common web traffic", as the Windows Core Networking engineers who implemented this technology point out.
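The same procedure can be scripted from an elevated PowerShell prompt, which is how an administrator would roll it out to more than one machine and, just as importantly, check that DoH is actually being used afterwards. The script below is an added example and not Microsoft's code or part of the original article; the adapter name "Ethernet" and the choice of Cloudflare's resolvers are assumptions you should adjust.

```powershell
# Added example (not from the original article or Microsoft): enable auto-DoH on
# Windows 10 Build 19628+ and point the adapter at a resolver on Windows' known-DoH list.
# Run from an elevated PowerShell prompt. Assumptions: adapter alias "Ethernet",
# Cloudflare resolvers (Google's 8.8.8.8/8.8.4.4 would work the same way).
$adapter    = "Ethernet"
$dohServers = @("1.1.1.1", "1.0.0.1")

# Step 1: the registry switch from the article (HKLM\...\Dnscache\Parameters, EnableAutoDoh = 2).
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"
New-ItemProperty -Path $key -Name "EnableAutoDoh" -PropertyType DWord -Value 2 -Force | Out-Null

# Step 2: set the adapter's DNS servers to resolvers Windows knows support DoH.
Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses $dohServers

# Show what was configured.
Get-ItemProperty -Path $key -Name "EnableAutoDoh" | Select-Object EnableAutoDoh
Get-DnsClientServerAddress -InterfaceAlias $adapter -AddressFamily IPv4

# A reboot is needed for the DNS client to pick up the setting, as the article notes.
# Restart-Computer

# Step 3 (after the reboot): verify DoH is really in use. Trigger a lookup through the
# system resolver, then look for an established TCP/443 connection to the resolver
# owned by the DNS client service; classic DNS would show UDP/53 traffic instead.
Resolve-DnsName -Name "example.com" | Out-Null
Get-NetTCPConnection -RemoteAddress $dohServers -RemotePort 443 -State Established -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        "{0}:{1} -> {2}:{3} ({4})" -f $_.LocalAddress, $_.LocalPort, $_.RemoteAddress, $_.RemotePort, $proc.ProcessName
    }
```

If the last command prints nothing after a reboot, DoH is not in effect: the usual reasons are that the resolver address is not on Windows' built-in list, or that the adapter alias does not match the interface that actually carries traffic (check with Get-NetAdapter). A browser with its own DoH client, such as Firefox, can also hold a 443 connection to 1.1.1.1, which is why the owning process is printed: the operating system's DoH connections belong to the svchost process hosting the Dnscache service.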