Microsoft adds DNS over TLS to Windows 11 test build
Microsoft on Wednesday announced features of Windows 11, build 25158, for its Windows Insider Program, which include a new Domain Name System (DNS) encryption option over Transport Layer Security (TLS).
DNS over TLS, abbreviated as “DoT”, is used as an Internet privacy and security measure to encrypt query traffic that is resolved by DNS servers. Typically, an internet request, such as a website search, is sent in plain text, which internet service providers, and sometimes attackers, can view. The DNS server resolves the plain text query into numbers for traffic routing purposes. DoT offers privacy and better security to Internet users by encrypting the request sent.
DoT has similarities to DNS encryption over HTTPS, known as “DoH”, but it avoids the use of the HTTPS protocol and exclusively uses port 853. DoH, which is currently supported in Windows 11 and Windows Server 2022, uses HTTPS and port 443, which is the port typically used for HTTPS traffic.
DoT is said to be better for IT pros because “it gives network administrators the ability to monitor and block DNS queries, which is important for identifying and stopping malicious traffic,” according to Cloudflare's article “DoT vs. DoH.” However, the article adds that DoH can be considered better from a privacy perspective since “DNS queries are hidden in the larger stream of HTTPS traffic.”
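The port difference described above, as seen from a network monitor, in an added Python example that is not from Microsoft or Cloudflare. The flow-record format, function names and sample flows are assumptions constructed for illustration; the resolver addresses are the well-known anycast IPs of the four public resolvers this article mentions.

```python
from collections import Counter
from ipaddress import ip_address

# Well-known anycast addresses of Cloudflare, Google, Quad9 and OpenDNS.
KNOWN_RESOLVERS = {ip_address(a) for a in
                   ("1.1.1.1", "8.8.8.8", "9.9.9.9", "208.67.222.222")}

# Constructed flow records: "client destination protocol destination-port".
SAMPLE_FLOWS = """\
10.0.0.5 10.0.0.1 udp 53
10.0.0.5 1.1.1.1 tcp 853
10.0.0.6 9.9.9.9 tcp 853
10.0.0.6 198.51.100.7 tcp 853
10.0.0.7 8.8.8.8 tcp 443
10.0.0.7 203.0.113.10 tcp 443
10.0.0.8 192.0.2.44 tcp 443
"""

def parse_flows(text):
    """Yield (client, destination, protocol, port) tuples from flow lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, port = line.split()
        yield ip_address(src), ip_address(dst), proto.lower(), int(port)

def classify(dst, proto, port):
    """Label a flow using only what a monitor sees without decrypting anything."""
    if port == 53 and proto in ("udp", "tcp"):
        return "plaintext-dns"
    if port == 853 and proto == "tcp":
        return "dot"            # dedicated port: visible for any resolver
    if port == 443 and dst in KNOWN_RESOLVERS:
        return "possible-doh"   # inferable only from the destination address
    return "other"              # DoH to an unlisted resolver lands here

def summarize(text):
    """Count flows per label."""
    return Counter(classify(d, p, port) for _, d, p, port in parse_flows(text))

def unapproved_dot(text, approved):
    """Return sorted (client, resolver) pairs using DoT to a non-approved resolver."""
    ok = {ip_address(a) for a in approved}
    return sorted({(str(s), str(d)) for s, d, p, port in parse_flows(text)
                   if classify(d, p, port) == "dot" and d not in ok})

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_FLOWS)))
    print(unapproved_dot(SAMPLE_FLOWS, ["1.1.1.1", "9.9.9.9"]))
```

Every DoT flow is labelled from its port alone, including the one to a resolver outside the approved list, while port 443 traffic to an address not in the resolver set cannot be told apart from ordinary HTTPS.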
Using DoT with Windows 11, build 25158, requires configuration through a command-line interface, which is described in an article by Tommy Jensen of Microsoft’s Windows Core Networking Team. DoT users might actually see a “small performance boost depending on the network environment,” Jensen said.
A lot of things can go wrong with the setup. However, the use of DoT is supported by various public resolvers. “Quad9, Cloudflare, Cisco (OpenDNS), and Google have been tested and are known to work,” Jensen said.
Other Microsoft improvements in Windows 11, version 25158 include an updated Nyala font and various bug fixes.
Dev Channel Benefits
On the Dev Channel side for Windows Insider Program testers, Microsoft on Wednesday highlighted an updated Camera app (version 2022.2206.2.0), with QR barcode scanning capabilities.
Additionally, the Media Player app (version 11.2206.30.0) from the Windows 11 Dev Channel build now has the ability to rip CD content. It supports “AAC, WMA, FLAC and ALAC” formats.
Microsoft also mentioned an updated Movies & TV app (version 10.22061 and above) for Dev Channel testers. The application has native Arm64 support. It also gets the ability to leverage file types used with earlier versions of the Movies & TV app.
Beta channel separation
Additionally, for Windows Insider Program testers on the beta channel, Microsoft explained earlier this month that it has a split testing approach in place. With this change, some Windows 11 testers will have new features to try, while others will have those features turned off by default.
The split in the beta channel is designed to help Microsoft better troubleshoot issues with its new versions of Windows 11.