DNS-over-HTTPS is coming to Windows 10
For fans of DNS-over-HTTPS (DoH) privacy, it must feel like a dam of resistance is starting to break.
Mozilla Firefox and Cloudflare were the earliest adopters of this controversial new way to make DNS queries private by encrypting them, followed not long after by the weight of Google, which embedded DoH into Chrome as a non-default setting.
This week an even bigger name joined the party: Windows 10, which Microsoft has announced will integrate the ability to use DoH, and eventually also its close cousin DNS-over-TLS (DoT), into its networking client.
It looks like game over for the opponents of DoH, predominantly ISPs which have expressed a nest of worries – some rather self-serving (we can’t monetise DNS traffic we can’t see) and others which perhaps deserve a hearing (how do we filter out bad domains?).
Things got so hyperbolic that last summer the UK ISP Association (ISPA) even shortlisted Mozilla for an “Internet Villain” award to punish its enthusiasm for DoH before backing down after a public backlash.
Earlier this month, Mozilla retaliated, accusing ISPs of misrepresenting the technical arguments around encrypted DNS.
We’ve already covered how DoH and DoT work in previous articles, but the gist is that they encrypt the queries a computer makes to DNS servers in a way that means intermediaries such as ISPs and governments can’t easily see which websites are being visited.
Another way to think of it is that DoH extends the benefits of HTTPS security to DNS traffic. While not perfectly private (data still leaks via things like Server Name Indication), it’s better than sending DNS queries in the clear.
In fact, DoT has some advantages over DoH, but it requires ports to be opened in routers/firewalls. DoH is indistinguishable from regular web browsing traffic, whereas DoT runs in its own lane, making it easier to block or filter, and requires users to configure more settings to make it work.
Because DoH piggybacks on HTTPS, it just works out of the box (as long as the client software supports it, that is). That’s why Windows 10 integration, whenever it appears, is important.
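To make the "DNS inside HTTPS" point concrete, here is an added example (not code from the article, Mozilla, Cloudflare or Microsoft) that builds an RFC 1035 wire-format DNS query, wraps it as an RFC 8484 DoH GET URL, and parses the IPv4 answers out of a wire-format reply body. The resolver URL is a placeholder, and the query runs offline; nothing is sent.

```python
import base64
import struct

DOH_TEMPLATE = "https://doh.example.net/dns-query"  # placeholder, not a real resolver
QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Encode a hostname as RFC 1035 labels: length byte + label, 0x00 terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """Wire-format query; ID 0 and RD set, as RFC 8484 recommends for cacheability."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def doh_get_url(query: bytes, template: str = DOH_TEMPLATE) -> str:
    """RFC 8484 GET form: unpadded base64url in the 'dns' parameter. This is an
    ordinary HTTPS request to port 443, which is why DoH blends in with web
    traffic while DoT on its own port (853) is easy to single out."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{template}?dns={b64}"


def _skip_name(msg: bytes, off: int) -> int:  # offset just past a (possibly compressed) name
    while True:
        if (length := msg[off]) & 0xC0 == 0xC0:  # two-byte pointer terminates the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def parse_a_records(response: bytes) -> list[str]:
    """Pull IPv4 answers out of a wire-format response (the body of a DoH reply)."""
    qdcount, ancount = struct.unpack_from("!HH", response, 4)
    off = 12
    for _ in range(qdcount):
        off = _skip_name(response, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(response, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", response, off)
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            addrs.append(".".join(str(b) for b in response[off:off + 4]))
        off += rdlen
    return addrs
```

The `dns=` value for `www.example.com` produced this way matches the worked GET example in RFC 8484 section 4.1.1, so the output can be checked against the spec.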