Reply to post: So its all as clear as mud!

Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol

Roland6 Silver badge

So its all as clear as mud!

Interesting article on How To Geek.

Basically, there are three issues down to implementation choices.

1) The protection of DNS traffic, in this respect the only real difference between DoT and DoH is the use of different TCP/UDP ports.

2) How a client selects a DNS service.

3) The default out-of-the-box behaviour and the extent to which it can be overridden.

These last two are in the hands of the developer and I think aren't specified in the RFC.

Mozilla have decided that Firefox will default to using the Cloudflare DoH service and thus bypass host system DNS settings, the user has to actively either change the default DoH server (can still bypass host system DNS settings) or disable DoH (and use host system DNS).

Google with Chrome are saying that they will use the host systems DNS server using either DNS or DoH depending on what that DNS server supports.

Microsoft are saying they will implement DoH at the OS level, ie. the Windows network client will natively support communications over DNS or DoH depending on the DNS server configuration - I assume there will be some security protocol/procedure that will enable a client system to negotiate an appropriate level of communication security (I wonder if the MS solution will also include DNSsec).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020