Microsoft is testing a fix for performance issues in Microsoft Edge’s DNS-over-HTTPS feature and has once again enabled a list of suggested DoH servers.
DNS-over-HTTPS (DoH) allows DNS resolution to be performed over an encrypted HTTPS connection rather than through normal plain text DNS lookups.
As some governments and ISPs block connections to sites by monitoring DNS traffic, DoH will allow users to bypass censorship, prevent spoofing attacks, and increase privacy as their DNS requests cannot be as easily monitored.
Microsoft Edge added support for DNS-over-HTTPS (DoH) in version 86, but the prepopulated DoH providers list/configuration pane was removed after users began reporting performance issues.
“Due to a performance issue recently discovered with DNS-over-HTTPS, we have temporarily turned off the built-in list of providers and the auto-upgrade logic that looks at your OS’s DNS setting. Manually providing a resolver URL is still supported,” Microsoft Edge engineer Alex Rowell explained in an Edge Insider forum post.
Microsoft has begun testing a fix for the DNS-over-HTTPS (DoH) performance issues, and you can now access the built-in list of providers once again in the latest Microsoft Edge Canary and Dev builds.
The current suggested DoH providers are CleanBrowsing, Cloudflare (1.1.1.1), Quad9 (9.9.9.9), NextDNS, Google (Public DNS), and OpenDNS.
How to enable DoH in Microsoft Edge
DoH support is included in all Microsoft Edge builds, but the feature is not enabled by default. If you want to use DoH when making DNS queries, you need to follow these steps:
- Open Edge Settings.
- Head to the Privacy, search, and services tab.
- Under “Security,” locate the “Use secure DNS to specify how to lookup the network address for websites” option.
- Enable it and either use your current service provider or choose an alternate DNS-over-HTTPS provider, such as Cloudflare or Google.
If you choose to use your current service provider and that provider does not support DoH, your DNS queries will revert to the normal insecure DNS protocol.
You can test if DNS-over-HTTPS is working correctly by visiting Cloudflare’s Browsing Experience Security Check page, which will report whether DoH is working.
If the check shows that Secure DNS (DoH) is not working with your current provider, you can select one of the preconfigured DNS servers if you are on Edge Beta, Edge Dev, or Edge Canary and try the test again. Sometimes you may need to restart the browser after making a DoH change.
If you are using the current Microsoft Edge Stable, which does not currently contain the prepopulated list to choose from, you can select ‘Choose a service provider’ and manually enter one of the following DoH provider URLs:
- Cloudflare: https://chrome.cloudflare-dns.com/dns-query
- Xfinity: https://doh.xfinity.com/dns-query{?dns}
- Google: https://dns.google/dns-query{?dns}
- Quad9: https://dns11.quad9.net/dns-query
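Some of the URLs above end in {?dns} and some do not. The sketch below is an added example, not code from Microsoft or any provider, and it shows what that suffix means under RFC 8484: a template with the dns variable is expanded into a GET carrying the base64url-encoded DNS message, while a bare URL receives the same message as a POST body. The function names are hypothetical, the GET-versus-POST rule follows the template handling documented for Chromium-based browsers, and the code only builds the request without sending it.

```python
import base64
import struct

DNS_MESSAGE = "application/dns-message"  # media type defined by RFC 8484


def build_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query (RFC 1035) for `name`; qtype 1 = A, 28 = AAAA."""
    # ID 0 as RFC 8484 recommends (cache friendly); flags 0x0100 = recursion desired.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("idna")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    # Root label, then QTYPE and QCLASS (1 = IN).
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def doh_request(template: str, name: str, qtype: int = 1):
    """Return (method, url, headers, body) for one lookup against `template`."""
    query = build_query(name, qtype)
    if template.endswith("{?dns}"):
        # GET: base64url-encode the message and strip the '=' padding.
        dns = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
        url = template[: -len("{?dns}")] + "?dns=" + dns
        return "GET", url, {"Accept": DNS_MESSAGE}, b""
    # No dns variable (assumed rule): the raw message travels in a POST body.
    headers = {"Accept": DNS_MESSAGE, "Content-Type": DNS_MESSAGE}
    return "POST", template, headers, query


if __name__ == "__main__":
    for tpl in ("https://dns.google/dns-query{?dns}",
                "https://dns11.quad9.net/dns-query"):
        method, url, headers, body = doh_request(tpl, "www.example.com")
        print(method, url, headers, body.hex())
```

Either form travels inside the TLS session to the resolver, so an on-path observer sees only an HTTPS connection to the DoH host rather than the name being looked up.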
Windows 10 is getting native DoH support
Microsoft is also bringing DoH settings to Windows 10, which will extend encrypted DNS lookups to all of your apps rather than just the browser.
If you want to test built-in DoH settings in Windows 10, you need to join the Windows Insider program and download a beta build from the Dev Channel.
Once you’ve upgraded, follow these steps:
For Wi-Fi (wireless) connections, you can perform the same steps as above.
H/T Techdows