
Microsoft adds Windows 10 DNS over HTTPS settings section

Microsoft has announced that Windows 10 customers can now configure DNS over HTTPS (DoH) directly from the Settings app starting with the release of Windows 10 Insider Preview Build 20185 to Windows Insiders in the Dev Channel.

https://lifehacker.com/how-to-turn-on-dns-over-https-for-all-apps-in-windows-1-1843544589

https://www.bleepingcomputer.com/news/microsoft/how-to-enable-dns-over-https-doh-in-windows-10/

  • The Windows 10 Sun Valley design refresh - Here's what's coming

     

    https://www.bleepingcomputer.com/news/microsoft/the-windows-10-sun-valley-design-refresh-heres-whats-coming/

    New DNS over HTTPS (DoH) feature

    Since Windows 10 version 21H1 will be a minor release, native support for DNS over HTTPS (DoH) will likely be introduced with Windows 10 Sun Valley update.

    DNS over HTTPS (DoH) is a new feature that will allow DNS resolution over encrypted HTTPS connections, and it aims to protect your browsing privacy from outsiders.

    "If you haven’t been waiting for it, and are wondering what DoH is all about, then be aware this feature will change how your device connects to the Internet and is in an early testing stage so only proceed if you’re sure you’re ready," Microsoft noted in a blog post published last year.

  • Compared to DNS-over-TLS, DoH is less performant due to the HTTP overhead. There are also privacy implications of using the HTTP protocol. A server could instrumentalise HTTP auth headers, e-tags and SSL session ID for tracking or use HTTP headers such as user agent, accept language, etc. for fingerprinting the browser. Simple tracking via cookies would be too simple, however. A DoH client should ignore cookies, as the IETF writes in RFC 8484.

    If one has the choice, one should prefer DNS-over-TLS instead of DNS-over-HTTPS.

    • DynamicNotSlow the perf difference is non-substantial, especially with HTTP/3 as all the stream handling is at the QUIC layer. All TLS fingerprinting is irrelevant as HTTP/3 relies on the TLS of the QUIC layer and DoH2 and DoT share the same TLS over TCP layer, they are then identical. All known DoH clients, including the ones in browsers, are not sending any identifiable headers, not even a user agent.

      With HTTP/3 you get protocol negotiation and fallback on HTTP/2 (for when UDP is blocked) for free. You don’t get that with bare QUIC (DoQ) and both DoT and DoQ are very easy to identify and block.

      Finally, DoH (H2 and H3) will soon be supported by most OS and browsers. No major actor announced DoQ support and DoT is only supported by Android.

      On the server we support all protocols: DoH, DoH3, DoT and DoQ (last draft) and we use DoH3 in our CLI.

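The two replies above disagree about whether the HTTP layer of DoH leaks identifying data. As an added example (not written by any poster in this thread), the Python below builds an RFC 8484 GET request with only the header the protocol needs and audits a header set for the tracking and fingerprinting vectors named above. The resolver URL `https://doh.example/dns-query` and the sample header sets are constructed placeholders.

```python
import base64
import struct

# Request headers the thread names as tracking or fingerprinting vectors.
IDENTIFYING = {"cookie", "authorization", "if-none-match",
               "user-agent", "accept-language"}


def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS wire-format query with one question (qtype 1 = A, class IN).

    The message ID is 0, as RFC 8484 recommends for HTTP cache
    friendliness; a fixed ID also removes one per-request variable.
    """
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD=1, QDCOUNT=1
    labels = name.rstrip(".").encode("ascii").split(b".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1..63 bytes")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)


def doh_get_request(resolver_url: str, name: str):
    """Return (url, headers) for an RFC 8484 GET: base64url, no padding."""
    dns = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{resolver_url}?dns={dns}", {"Accept": "application/dns-message"}


def audit_headers(headers: dict) -> list:
    """Sorted, lower-cased names of identifying headers in a request."""
    return sorted(h.lower() for h in headers if h.lower() in IDENTIFYING)


# Constructed sample: what a generic HTTP stack might attach by default.
BROWSER_LIKE = {
    "Accept": "application/dns-message",
    "User-Agent": "ExampleBrowser/1.0",
    "Accept-Language": "en-GB",
    "Cookie": "id=constructed-value",
}

if __name__ == "__main__":
    url, minimal = doh_get_request("https://doh.example/dns-query",
                                   "www.example.com")
    print(url)
    print("minimal request flags:", audit_headers(minimal))
    print("browser-like request flags:", audit_headers(BROWSER_LIKE))
```

The same audit can be run over headers captured from a DoH client under test to check whether it behaves like the minimal request or like the browser-like one.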
      • DynamicNotSlow

      Olivier Poitrey awesome! <3

      Thanks also for your great answer. Can't wait to use these improvements
