In the recently released Windows 10 Insider Build 19628, Microsoft has added support for DNS over HTTPS (DoH). The Windows DoH client is currently in the initial stages of development and is available for testing purposes right now.
As the name says, DNS over HTTPS is an internet protocol that encrypts DNS queries by sending them over an HTTPS connection, protecting the privacy and security of users. By default, DNS queries in Windows 10 are sent in plain text, which leaves them exposed to eavesdropping and man-in-the-middle attacks.
The Insiders running Build 19628 can activate DNS over HTTPS by tweaking Windows Registry settings. Once enabled, it will work with Google Public DNS, Cloudflare, and Quad9 DNS, provided they are configured on the PC.
If you're not part of the Windows Insider program, you can still use DoH on your PC. Various web browsers, including Google Chrome, Mozilla Firefox, and Brave, already support DNS over HTTPS. For example, in Chrome you can go to chrome://flags and enable the flag Secure DNS Lookups.
However, a browser setting only protects DNS lookups made by that browser; every other application on the system still resolves names in plain text. That is why system-wide encrypted DNS could turn out to be beneficial to users.
Microsoft first acknowledged DoH back in 2019, when it revealed its intention to add the functionality to Windows 10. There is also an alternative, DNS over TLS (DoT), which uses Transport Layer Security to carry encrypted DNS.
Microsoft said it picked DoH over DoT because it could reuse its existing HTTPS infrastructure. However, the Windows-maker is open to adding DoT support to Windows 10 in the future if users need it.
Meanwhile, popular DNS services such as Google Public DNS, Quad9, and Cloudflare have added support for both DoH and DoT to cater to the needs of different platforms. For instance, Android 9 (and later) supports DNS over TLS to improve security.
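To make the two encrypted transports concrete, here is an added Python example (not code from the article, Microsoft, or any resolver). It builds an ordinary DNS wire-format query, shows how the same bytes are carried by DoH (base64url in a GET URL, or as a POST body with the application/dns-message type, per RFC 8484) versus DoT (a 2-byte length prefix inside TLS on port 853, per RFC 7858), and parses a constructed reply body. The endpoint URLs are the public DoH endpoints of the three resolvers named above; the sample response is constructed inline, so nothing here touches the network.

```python
import base64
import struct

# Public RFC 8484 endpoints of the resolvers the article names (real URLs).
DOH_ENDPOINTS = {
    "cloudflare": "https://cloudflare-dns.com/dns-query",
    "google": "https://dns.google/dns-query",
    "quad9": "https://dns.quad9.net/dns-query",
}
DOT_PORT = 853   # DNS over TLS (RFC 7858) listens here; DoH rides on 443
QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Hostname -> DNS wire format: length-prefixed labels, zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """Plain DNS query; ID 0 and RD=1 as RFC 8484 suggests so HTTP caches can reuse it."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)

def doh_get_url(endpoint: str, query: bytes) -> str:
    """DoH GET form: the query bytes go in ?dns= as unpadded base64url."""
    token = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={token}"

def doh_post_request(endpoint: str, query: bytes) -> dict:
    """DoH POST form: identical bytes as the body, typed application/dns-message."""
    return {
        "method": "POST", "url": endpoint, "body": query,
        "headers": {"Accept": "application/dns-message",
                    "Content-Type": "application/dns-message",
                    "Content-Length": str(len(query))},
    }

def dot_frame(query: bytes) -> bytes:
    """DoT form: the same bytes with a 2-byte length prefix, sent inside TLS on port 853."""
    return struct.pack("!H", len(query)) + query

def decode_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # compression pointer
            if not jumped:
                end = offset + 2
            jumped, offset = True, struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_response(msg: bytes) -> dict:
    """Parse header, skip the question, collect A answers from a dns-message body."""
    tid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    offset = 12
    for _ in range(qd):
        _, offset = decode_name(msg, offset)
        offset += 4                                    # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append((name, ".".join(map(str, rdata)), ttl))
    return {"id": tid, "rcode": flags & 0x000F, "answers": answers}

# Constructed sample reply (not captured from any resolver): response flags 0x8180,
# one question, one A record whose name is a pointer (0xC00C) back to the question,
# TTL 300, address from the TEST-NET-1 documentation range.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    q = build_query("example.com")
    print(doh_get_url(DOH_ENDPOINTS["cloudflare"], q))
    print(dot_frame(q)[:2].hex(), "-> DoT length prefix, sent over port", DOT_PORT)
    print(parse_response(SAMPLE_RESPONSE))
```

The point worth noticing from the defender's side is that the DNS message itself is unchanged in all three cases; only the transport differs. Plain DNS is visible on UDP/TCP 53, DoT is identifiable by its dedicated port 853, and DoH is indistinguishable from other HTTPS traffic on 443, which is exactly why it protects users on hostile networks and also why network monitoring that relied on watching port 53 has to move to the endpoint or to the resolver's own logs once system-wide DoH is enabled.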