Windows 10 will support DNS over HTTPS (DoH)

Microsoft announced that it will add support for the DoH (DNS over HTTPS) protocol in future versions of Windows 10, and will also retain support for DoT (DNS over TLS).

DoH is designed to allow DNS resolution over an encrypted HTTPS connection, while DoT encrypts and encapsulates DNS queries with the Transport Layer Security (TLS) protocol instead of sending DNS lookups in plain text.

Compared with traditional DNS, making DNS requests to a cloud service provider over HTTPS has minimal performance impact on non-cached DNS queries: most queries are only about 6 milliseconds slower, and weighing this against data security and privacy, Mozilla considers it an acceptable cost. In some cases it is even hundreds of milliseconds faster than conventional DNS.

By adding DoH to Windows 10 Core Networking, Microsoft hopes to improve its customers' security and privacy on the Internet by encrypting all of their DNS queries and removing the plain-text domain names that usually appear in insecure network traffic.
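The encoding DoH applies to a lookup, as an added example that is not from the original article or Microsoft's post: it builds a wire-format DNS query, wraps it in the GET form defined by RFC 8484, and decodes it back to show that the domain name travels only inside the HTTPS request. The resolver URL `https://dns.example/dns-query` and the function names are constructed for illustration.

```python
import base64
import struct

RESOLVER = "https://dns.example/dns-query"  # constructed placeholder resolver

def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query (RFC 1035) for `name`; qtype 1 is an A record."""
    # ID is 0, which RFC 8484 recommends so HTTP caches see identical requests.
    # Flags 0x0100 = recursion desired; one question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label in {name!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"
    if len(qname) > 255:
        raise ValueError("name too long")
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def doh_get_url(resolver_url: str, query: bytes) -> str:
    """RFC 8484 GET form: the query is base64url-encoded with padding removed."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"

def name_from_dns_param(value: str) -> str:
    """Decode a dns= parameter back to the queried name (first question only)."""
    msg = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    if len(msg) < 13:
        raise ValueError("message shorter than a DNS header plus question")
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while msg[pos] != 0:
        length = msg[pos]
        if length > 63 or pos + 1 + length >= len(msg):
            raise ValueError("malformed or compressed name")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

if __name__ == "__main__":
    url = doh_get_url(RESOLVER, build_dns_query("www.example.com"))
    print(url)
    print(name_from_dns_param(url.split("dns=", 1)[1]))
```

On the network, an observer of this request sees a TLS connection to the resolver rather than the queried name; the name is readable only where TLS terminates.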

Microsoft said: "Many people think that DNS encryption requires DNS centralization, but this is only true if encrypted DNS is not universally adopted. To keep DNS decentralized, it is critical for client operating systems (such as Windows) and Internet service providers to widely adopt encrypted DNS."

Microsoft also introduced the principles it uses to decide which encryption protocols to build into Windows 10 and how DNS is configured:

  • By default, Windows DNS must be as private and functional as possible without requiring user or administrator configuration, because Windows DNS traffic represents a snapshot of the user's browsing history. For Windows users, this means Windows will make their experience as private as possible; for Microsoft, it means seeking to encrypt Windows DNS traffic without changing the DNS resolvers that users and system administrators have configured.
  • Privacy-minded Windows users and administrators need to be guided to DNS settings even if they do not yet know what DNS is. Many users are interested in controlling their privacy and go looking for privacy-centric settings such as app permissions for the camera and location, but may not notice or know about DNS settings, or may not understand their importance.
  • Windows users and administrators need to be able to improve their DNS configuration with as few simple actions as possible. Windows users must be able to benefit from encrypted DNS without specialized knowledge or effort. Enterprise policies and UI actions should only need to be performed once, without requiring maintenance.
  • Once encrypted DNS is configured, Windows users and administrators need to explicitly allow fallback from it. After Windows has been configured to use encrypted DNS, if it receives no other instructions from the Windows user or administrator, it should assume that falling back to unencrypted DNS is forbidden.

For more details, see the original blog post:

https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-will-improve-user-privacy-with-DNS-over-HTTPS/ba-p/1014229

Origin www.oschina.net/news/111441/windows-10-will-support-doh