Reply to post: Real Issue

Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol

kmedcalf

Real Issue

Nobody seems to have addressed the real issue here. While Microsoft adding support for Homer Simpson DNS resolution and serving (DoH) is all very dandy, I am quite sure that they will require that Windows Server have IIS installed to be able to handle the H part of DoH, thus hugely increasing the attack surface of the server for very little to no gain in actual security (and actually a significant decrease in security since IIS is known to be a buggy insecure turd).

This will take a lot of work to implement and is likely to be highly restrictive. For example, in the Windows domain model the default DNS lives on the Domain Controllers, why would you want your DC's to be running IIS?

It all seems rather foolish to me.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020