Microsoft Adds DNS over TLS to Windows 11 Test Release

Microsoft on Wednesday announced features in Windows 11, build 25158, for its Windows Insider Program testers, including a new Domain Name System (DNS) over Transport Layer Security (TLS) encryption option.

DNS over TLS, abbreviated as "DoT," is used as an Internet privacy and security measure to encrypt the query traffic that gets resolved by DNS servers. Typically, an Internet query, such as a search for a Web site, is sent in plain text, which Internet service providers, and sometimes attackers, can view. The DNS server resolves the plain text query into the numeric IP address used for traffic routing. DoT offers privacy and better security for Internet users by encrypting the query that gets sent.

DoT has similarities to DNS over HTTPS encryption, known as "DoH," but it avoids the use of the HTTPS protocol and uses Port 853 exclusively. DoH, which is currently supported in Windows 11 and Windows Server 2022, uses HTTPS and Port 443, which is the port that's generally used for HTTPS traffic.

DoT is said to be better for IT pros because "it gives network administrators the ability to monitor and block DNS queries, which is important for identifying and stopping malicious traffic," according to this DoT vs. DoH article by Cloudflare. However, the article added that DoH can be considered better from a privacy perspective since "DNS queries are hidden within the larger flow of HTTPS traffic."

The use of DoT with Windows 11, build 25158, requires setup via a command-line interface, which is described in this article by Tommy Jensen of Microsoft's Windows core networking team. DoT users could actually see a "small performance improvement depending on the network environment," Jensen indicated.

Lots can go wrong with the setup. However, the use of DoT is supported by various public resolvers. "Quad9, Cloudflare, Cisco (OpenDNS), and Google have been tested and are known to work," Jensen indicated.

Microsoft's other improvements in Windows 11, build 25158, include a Nyla font update and various bug fixes.

Dev Channel Perks
On the Dev Channel side for Windows Insider Program testers, Microsoft on Wednesday highlighted an updated Camera app (version 2022.2206.2.0), which has QR barcode scanning capabilities.

Also, the Media Player app (version 11.2206.30.0) in the Windows 11 Dev Channel release now has the ability to rip CD content. It has support for the "AAC, WMA, FLAC, and ALAC" formats.

Microsoft also mentioned an updated Movies and TV app (version 10.22061 and greater) for Dev Channel testers. The app is getting native Arm64 support. It's also getting the ability to leverage the file types that were used with earlier versions of the Movies and TV app.

Beta Channel Split
Also, for Windows Insider Program testers on the Beta Channel, Microsoft had explained earlier this month that it has established a split testing approach. With this change, some Windows 11 testers will get new features to try, while others will have those features turned off by default.

The split in the Beta Channel is conceived as helping Microsoft better address issues with its new Windows 11 releases.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

