DoH! How to implement DNS over HTTPS on Windows Server 2025

May 29 @ 1:00 pm - 1:15 pm

Virtual

Join the Zoom Event (coming soon)


DNS traffic is rarely encrypted on endpoints, with plain-text queries going back and forth over the network on port 53. On an enterprise network, this is usually not a concern, but as endpoints leave trusted networks, it is imperative to protect the privacy and security of DNS requests by carrying them as normal HTTPS traffic.

RFC 8484, DNS Queries over HTTPS (DoH), was adopted by the IETF in October 2018. Since then, Windows clients have been able to take advantage of DNS encryption: Windows 11 and Windows Server 2022 both support DoH. However, Microsoft's built-in DNS server has not supported DNS over TLS (DoT) or DNS over HTTPS (DoH) in the past. With the recent release of Windows Server 2025, Microsoft has begun testing the implementation of DoH on Windows Server. While not yet ready for production, this is an important step toward end-to-end encryption of DNS queries on DNS servers that can be managed centrally.

This presentation will cover the background above, then go into DoH, its implementation on Windows Server 2025, and the lessons learned along the way.

