Microsoft tests built-in DNS over HTTPS for Windows 10 client


Windows Insiders can now test a DNS-over-HTTPS (DoH) client built into Windows 10. When enabled, it encrypts the system's DNS lookups between the PC and the chosen resolver; it does not encrypt the web traffic that follows.

Users on the latest Windows 10 preview build turn the feature on by adding a value under the DNS Client service's parameters in the Registry Editor and then pointing their network adapter at one of a short list of public resolvers that Microsoft knows to support DoH (Cloudflare, Google and Quad9 at the time of the build). Once both are set, the Windows DNS client talks to that resolver over HTTPS on port 443, and name lookups from all apps and services go through DoH instead of classic, unencrypted DNS over port 53. A resolver that is not on that list is still queried in the clear.
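The opt-in procedure as a PowerShell script, added here as an example and not taken from the article or from Microsoft. The registry value (EnableAutoDoh = 2 under the Dnscache parameters key) and the three resolver families are those Microsoft published for the Insider build; the interface alias 'Ethernet', the choice of Cloudflare, and the pktmon-based check at the end are assumptions for this example and should be adjusted to the machine at hand.

```powershell
# Added example: enable the Windows 10 Insider DoH client and check that
# classic DNS on port 53 is no longer used. Run from an elevated prompt.
# 'Ethernet' is an assumed adapter name; list yours with Get-NetAdapter.

$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'

# 1. Opt in. EnableAutoDoh = 2 tells the DNS client to upgrade to DoH
#    automatically whenever the configured server is on its known-DoH list.
New-ItemProperty -Path $params -Name 'EnableAutoDoh' -PropertyType DWord `
    -Value 2 -Force | Out-Null
Get-ItemProperty -Path $params -Name 'EnableAutoDoh'   # read it back

# 2. Point the adapter at a resolver on that list. Cloudflare is used here;
#    Google (8.8.8.8, 8.8.4.4) and Quad9 (9.9.9.9, 149.112.112.112) are the
#    other two. Any other address is still queried in plain text on port 53.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' `
    -ServerAddresses ('1.1.1.1', '1.0.0.1')

# The Dnscache service reads the parameter when it starts, so reboot (or
# restart the service if the build allows it) before trusting the check below.
Clear-DnsClientCache

# 3. Verify (assumed pktmon syntax; check 'pktmon help' on your build).
#    Capture only port-53 traffic while a name is resolved. With DoH in use
#    the resulting text file should contain no DNS packets for the lookup.
pktmon filter remove | Out-Null
pktmon filter add -p 53
pktmon start --etw | Out-Null
Resolve-DnsName -Name 'example.com' -Type A | Out-Null
pktmon stop | Out-Null
pktmon format .\PktMon.etl -o .\port53.txt
Get-Content .\port53.txt      # any packet listed here means a plain-text lookup
```

The check is what makes the change trustworthy: a typo in the value name, a resolver outside Microsoft's list, or an adapter that still has an old server configured all fail silently back to unencrypted DNS, and only the absence of port-53 packets shows that the upgrade actually happened.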

The technology is not a replacement for the decades-old Domain Name System (DNS) but a new transport for it: the same queries and answers are carried inside an HTTPS connection to the resolver instead of in plain UDP or TCP packets. It has grown in popularity in recent years, with prominent browsers such as Mozilla's Firefox leading the charge.

When activated on Windows 10, it hides which names a PC is looking up from anyone on the network path, including Internet Service Providers (ISPs). It does not hide them from the resolver itself, which still sees every query, and it does not conceal the IP addresses or TLS server names of the sites subsequently visited, so it is a privacy improvement for DNS rather than a cloak for all web activity.

Classic DNS sends queries and responses in plain text with no authentication, so anyone on the path can read them and, from a man-in-the-middle position, rewrite the answers. That is exactly what ISPs rely on to see customers' browsing and to enforce web filters: the filter simply returns a different answer, or none at all, for a blocked name.

DoH, on the other hand, wraps each DNS query in an HTTPS request to the resolver, so the lookup is encrypted and the resolver is authenticated by its TLS certificate. An on-path observer can no longer read or tamper with the answer; the trust moves instead to whoever operates the DoH resolver.

Microsoft said in November last year that it would build DoH into the Windows 10 DNS client, with the aim of phasing out unencrypted DNS, which it described as one of the last plain-text protocols still in everyday use.

ISPs deride the technology because DNS-level monitoring, the cheapest way for them to check that customers aren't reaching copyrighted, extremist or illegal content, stops working once queries bypass the ISP's own resolver. Web filters that work by intercepting DNS would be sidestepped by a widespread rollout of DoH unless users are steered to a filtering DoH resolver instead.

These organisations are obliged to filter content and implement parental controls as stipulated by the Digital Economy Act 2017. The legislation included a provision for websites hosting adult content to implement age verification checks, but the measures were continuously delayed due to technical and practical difficulties, and eventually abandoned altogether in October 2019.

The government, meanwhile, is in the process of trying to understand the implications of DoH and how it relates to UK law. As of last May, the Department for Digital, Culture, Media and Sport (DCMS) was working with the National Cyber Security Centre (NCSC) according to the parliamentary under-secretary of state for DCMS, Lord Ashton of Hyde.

“This involves liaising across government and engaging with industry at all levels, operators, internet service providers, browser providers and pan-industry organisations to understand rollout options and influence the way ahead,” he said, speaking in the House of Lords.

“The rollout of DoH is a complex commercial and technical issue revolving around the global nature of the internet.”

The lack of legal clarity has been a source of frustration for some in the industry. For example, Nominet's CEO Russell Haworth has previously suggested that DoH could be a real technological improvement but must be implemented carefully and with the full involvement of the government and law enforcement.

ISPA had previously branded Mozilla an “internet villain” for plans to roll out DoH in its Firefox web browser in July 2019. The nomination was met with ridicule at the time, with Open Rights Group (ORG) executive director Jim Killock telling IT Pro it’s “a bit like saying peanut butter is evil”.

Keumars Afifi-Sabet

Keumars Afifi-Sabet is a writer and editor who specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.