Microsoft introduces Secure DNS controls in Edge Canary browser
Microsoft released a new version of Microsoft Edge Canary recently that introduces support for Secure DNS in the browser. Microsoft Edge Canary is the cutting edge development version of the web browser, similarly to how Chrome Canary is the cutting edge version of Google's web browser.
Features land in Edge Canary first before they are pushed to Beta and then eventually to Stable versions of the browser. Secure DNS is Microsoft's implemention of DNS-over-HTTPS, a technology to encrypt DNS traffic. The domain name system DNS is used for a variety of purposes including translating domain names to IP addresses. Any request made in the Internet browser, and may requests made by other programs with Internet connectivity, rely on DNS.
Unencrypted DNS lookups mean that Internet Service Providers and other third-parties may see, record, or even manipulate these requests. DNS-based blocking is still a common form of preventing access to some Internet services in some regions of the world. While it is not very effective, as switching DNS provider is often enough to circumvent the ban, it highlights the powerful nature of DNS.
Microsoft introduces support for encrypted DNS in Windows 10 earlier this month. The feature is available in development versions of Windows 10 currently but it will make its way soon in the stable version of Windows 10 as well.
Many browser makers, Mozilla and Google need to be mentioned specifically here, have implemented support for DNS-Over-HTTPS in their browsers. Microsoft follows Google's implementation of the feature in Chrome as it decided that it would not switch the DNS provider by default. While that is arguably better than changing the DNS provider to another one automatically, it means that some users may not benefit from the feature; this is the case if the active DNS service provider does not support secure DNS. Most ISPs don't support the feature right now, for example.
Configure Secure DNS in Microsoft Edge
Secure DNS is enabled by default in Microsoft Edge Canary. It is likely that the feature will also be enabled in Beta and Stable releases once it reaches these as nothing will change for the user as the active DNS service provider will still be used by default (either with Secure DNS supported or not supported).
The default setting uses the active DNS service provider but secure DNS is only used if the provider supports it. You can use a third-party site to check if your browser supports Secure DNS and if the active Service Provider does, too.
To configure Secure DNS in Edge, do the following:
- Select Menu > Settings > Privacy, search and services, or load edge://settings/privacy directly in the browser's address bar.
- Scroll down to the Security section on the page.
- The setting "Use secure DNS to specify how to lookup the network address for websites" can be toggled on or off there; it should be on by default and the feature should be set to "use current service provider".
You may want to switch to "choose a service provider" instead if the active service provider does not support secure DNS. Another option that you have is to change the system's DNS configuration to set it to a service provider that supports secure DNS. The main difference is that the former enables secure DNS only in Edge while the latter may enable it for other browsers and Internet programs as well.
Back to Microsoft Edge. When you switch to "choose a service provider" you are presented with a list of providers to choose from. Just click in the empty field and select one of the four available providers: Quad9, Cloudflare, CleanBrowsing, Google.
You may also select a custom provider that is not integrated by default by pasting the DNS server address into the box.
Now You: Do you use secure DNS already or do you plan to?
Wow, Edge is getting a lot of coverage here lately, despite the Edge articles invoking very little interest. The last one had 5 comments so far, one of which was Martin himself. As for its qualities, it is rebranded Chromium with MS spyware replacing the Google spyware components. Had Microsoft not pushed this via Windows Update, chances are nobody would talk about it. There is not even a notable engineering feat that could potentially be a point of discussion, like Vivalid’s customizable interface or Brave’s Rust-based adblock engine that circumvents Manifest V3.
Why use Edge? Why report about Edge?
You got something wrong, buddy, this isn’t “Brave Magazine,” and Martin writes about everything! If you are not interested, *** [Editor: please no personal attacks], wait for your turn when there is an article about your favorite “Brave” browser!
@Niko
*** [Editor: please no personal attacks] I just asked a legitimate question, because Edge is receiving A LOT of coverage here for no apparent reason. Also, if anything, Brave is harshly underreported here (even Opera gets more attention for no reason), but as you may have noticed, I didn’t complain. Rather, you decided to bring the topic up in order to somewhat antagonize me (presumably).
Reporting about Firefox is understandable in so far as it at least represents diversity at the technical level (different engine). But Edge? To this degree at least? Come on…
Yes, that is the reason!
@Martin Brinkmann
OT:
There are some things I have noticed on this blog, which I thought might be worthy of relaying to you:
– The mobile interface is… suboptimal. I am always directed to it when I browse this website using a mobile browser, and then I always request the desktop version immediately, because it is so much better even on a small screen. Drop the mobile interface, kill it with fire if you have to.
– I noticed that, despite you being a Brave verified content creator, one can’t donate to you yet because you haven’t unlocked this for your website. I wanted to drop a few bucks here in appreciation for a series of articles (especially extension recommendations) that I found interesting. But nope, so far no possibility to do so.
@Iron Heart’s OT:
Interestingly, the mobile interface only shows up on Chromium mobile browsers but not on Firefox. One last reason to keep using FF, perhaps? :D
Press F9 in Firefox for the reader view, press the font controls, you can customize the look of the page!
I beg to differ, Iron Heart. EdgeC is a big project with a big impact on both desktop and mobile. One of the reasons for this is that many companies, including my own employer, are now moving everything from IE to EdgeC – including mandatory installations via MDM on employees’ work phones for all work-related web apps. It is also politically significant, as MS is a serious rival for Google, which helps keep Google away from overly monopolising the Chromium project in its current incarnation. At the moment, EdgeC doesn’t seem to have diverged enormously from Chrome, but many people prefer its UI, and MS seem to be adding many extra features at a rapid pace. I am very interested in reading about Edge here, just as I’m interested in reading about Vivaldi and Brave whenever there’s a significant development.
@ShintoPlasm
Hm, I guess MS Edge will see some healthy growth in enterprise environments, but for private persons, I don’t see the point really. Other than inertia, because it comes preinstalled now. The settings menu is not bad, but how much time does one really spend there? The main interface is a carbon copy of Chrome’s main interface.
As for MS balancing Google’s influence over the Chromium project out – I think this is mostly theoretical in nature, because both companies are inherently anti-user freedom. Their interests would have to clash somewhere, but I couldn’t think of any area where that would be the case. Microsoft will most likely also adopt Manifest V3 without workaround (the pathetic included tracking protection is not a workaround), which means it is dead in the water for anyone who mildly cares about what they are actually using and why.
The gHacks mobile website – Yeah, I guess it’s good that Firefox picks the desktop website by default in this case, but the mobile website being bad per se is on gHacks, not on any specific browser. Usually it is a sound idea to pick the mobile version of a website for small screens, but not on gHacks.
Last but not least, thank you for the first real reply here after the “Orange Browser Bad” nonsense above.
It’s a tech site, why wouldn’t they report on it? At why report on anything Brave or Vivaldi or… related when their market share is absolutely minuscule? It’s not all about popularity. If you aren’t interested in an article then just skip it, don’t comment and moan just for the sake of it. It’s like you just can’t help yourself commenting about absolutely everything, don’t.
Some people just get triggered by anything Microsoft-related.
@Ryan F
Why should I be? I merely asked what is so great about it that we need to hear about it all the time. Can’t think of any reason why.
@skynet
> It’s a tech site, why wouldn’t they report on it?
Why report about is so extensively? What is so interesting about Edge? It is meant to be a carbon copy of Chrome with you sending your data to Microsoft instead of Google now. Why should a tech blog be interested in that?
> related when their market share is absolutely minuscule?
Don’t know about Vivaldi but Brave is growing at a healthy rate, despite not being able to piggyback on a major OS (which is the case with Edge). But then again, this question was about the engineering feats of Edge(?) that could be mildly interesting, I don’t see any, so again, why report about a carbon copy?
> It’s like you just can’t help yourself commenting about absolutely everything, don’t.
I’ve already skipped a myriad of Edge articles before even asking why it massively overreported here.
The adblocker sucks after 4 years of development Microsoft tells u we collect data u could uncheck it brave promises to protect privacy but excludes twitter and Facebook while u don’t have full control over whitelist and redirect u to affiliate links.
@Anonymous
> The adblocker sucks after 4 years of development
Works fine for me, can be disabled if it doesn’t work for you.
> Microsoft tells u we collect data u could uncheck it
You can’t disable Edge’s data collection in its entirety without blocking some domains with a HOSTS file or at the network level.
> brave promises to protect privacy but excludes twitter and Facebook while u don’t have full control over whitelist and redirect u to affiliate links.
*Yawn* This has come up so often by now, but that doesn’t make it any more true, I am tired of debunking it. Making it ultra-short for you:
– They had to whitelist some elements without which the Facebook and Twitter websites wouldn’t have worked. The elements that were whitelisted were NOT trackers. The whitelist is accessible under brave://settings/socialBlocking and can be disabled there (this will break the FB & Twitter websites), so you DO have full control over it. Other browsers were never blocking the elements Brave whitelisted in the first place, criticizing Brave for not blocking stuff others do not block either (for good reason), is nonsensical.
– The referral (not affiliate) they used on some partner websites had the sole purpose of allowing these websites to count Brave users. It couldn’t be used for tracking or identification of individual Brave users, because all Brave users accessing those websites were using the very same referral. Referrals are common industry practice and not harmful, e.g. Vivaldi uses them too, to let their search engine partners count how many Vivaldi users have used their search engine.
Here is the long version, in case you are really interested:
https://www.ghacks.net/2020/08/13/chrome-may-soon-only-show-the-root-domain-name-by-default/#comment-4470718
@Anonymous
@anonymous you are parroting what you heard, you are Brave hater and you haven’t even compared Adblock performance and efficiency. you don’t even understand that even uBlock has to whitelist many stuff like on facebook and twitter because if not the sites are not going to work or let people log in and people will not be able to use the web as easy as possible without conflicts.
And I don’t know what you are talking about since you dont have control over any whitelist Adblocking list on any adblocker. But you can always add your own rules, which you can do inside Brave, so your “oh but they are not blocking X thing” it is invalid since you can force custom adblock filter list to block it in the end.
And just to expose you as a Brave troll and hater. Brave wasn’t redirecting urls to Affiliate links, thats why I said you are parroting stuff you never even cared to really understand. It only happened when people TYPED binance.us or .com in the address bar, which from all the few million using Brave I doubt even 0.1% of people use or care about binance. Brave didn’t make any money from it so it clearly shows nobody really uses it.
If you investigated a little instead of repeating from others what you clearly don’t know, you would found out that Brave never modified any link, Brave included the list on the code and it only appeared after you typed binance us or com, the problem was that the result with affiliate link appeared first and not third like it had to, so the result had to be first link to binance, second search and third link with referral numbers. So it was a problem of order, and even with that people could avoid clicking on the link by manually clicking on the 3rd result. I mean, most people go through websites from a search engine so that even make the “issue” more nonsense.
At least you had control over where to go and what to do in Brave about the referral link unlike other services like for example DuckDuckGo that you can’t opt-out their referral links to Amazon and Ebay. Brave fixed the issue within days and by default the 0.001% of people who want to use Binance won’t have any issue accidentally giving money to Brave (which they didn’t even make in the few days the issue happened). But I won’t expect you to care to even read this information, your agenda is just to hate Brave and not even understand stuff, you just repeat what others dishonest misinformers say, so this information is probably not going to even change anything.
Keep crying
@Anon
Boo-hoo, takes more than a low effort botnet swap rebrand (which is precisely what Edge is) to make me cry. Sorry to tell you.
It’s interesting watching you try to compare the Brave browser to Microsoft Edge, as if they are even remotely the same in size, reach, or even importance.
I would say that Martin does a really pretty good job of reporting the browser news reasonably favourably. And I don’t think that one should be judging the importance of a topic by the number of comments. That isn’t how it works.
I’m trying desperately to remain polite here as I type, but if you aren’t happy with how the browsers are covered here, there is an easy solution to that problem. And I doubt too many will be distressed.
@UKDad
I don’t even know who you are, I have never read anything from a “UKDad” here, don’t you think it is extremely arrogant of you to more or less tell a gHacks regular to leave, when you have just appeared here (or were passive the entire time)? Laughing at your arrogance, I tell you that. And some would surely be happy about me leaving, some would be sad (I have also received positive feedback many times), if you fall into the former category, that’s fine by me – be prepared for a major disappointment, then.
> It’s interesting watching you try to compare the Brave browser to Microsoft Edge, as if they are even remotely the same in size, reach, or even importance.
Brave is growing at a healthy rate (16 million active users by now), despite not being able to piggyback on a major OS as default browser, like Edge does. I wonder how many would care about Edge if Microsoft didn’t force it down our collective throats (with most people still ignoring it regardless), my guess is not many, since it is just Chrome, with Google’s botnet swapped out for Microsoft’s botnet, it is a vey low effort, last ditch attempt to win back Chrome users, nothing more.
Who cares? most people know brave, you surely do.
If Microsoft is going to push Edge Chromium as default soon, and many people are going to use it because they don’t care about who is Microsoft or Mozilla or Google browsers are and they think it it is fine since no web compatibility issues will happen like before, then it makes sense.
I know there are many things Brave does and are not reported, it is not only Ghacks, for example Neowin NEVER has reported about Brave or show any updates about it in the software section, while you see Edge (obviously), Chrome, Firefox, Vivaldi and even Opera and Palemoon and others.
We also have to understand that most Chromium features overlap, which is a problem. This one is a chromium feature for example and Brave team said they are working to implement it but Edge won implementing it so it makes sense they do report it, even if I thin it is not a great feature to report it is ghacks decision to do so.
Brave has done many good things many times and don’t get reported but what can we do? the big news about brave lately were about the misinformation and dishonesty about how they were hijacking and making tons of money with referral links, Brave together which is an experimental project and Sync v2 which quickly got filled with haters and ignorant “oh they should have implemented accounts like others” but it was finally great Brave news to report.
One thing about Brave team is they take their time to implement features, with reason or not, even Android extensions will take longer, sync v2 took long enough so even if they release good things they are either experimental, strangely implemented like SpeedReader or just in a “soon tm” state. So it makes it harder to report their features all the time.
I know you want to talk about Brave, sometimes I do and I try to help people on brave reddit but then I also roll my eyes how many posts I read releated to Rewards like spam, and close the browser and move on with my day. Rewards is just a boring thing to see in Brave, it makes sense in some ways and all, but when most Brave talks is about referral browser links and rewards system not working, then it is harder to report on a browser where users talk about rewards 90% of the time and they could finally give us CNAME protection and they would still talk about rewards.
Last time I even got downvoted (not like I care but I have a point about it) because someone was complaining about Sync v2 not working, I wasted my time to explain how to fix it and I still got downvoted because if you don’t join their complaint you are an enemy since they don’t seem to want to fix their issues or they are just trolls who get their agenda dismantled since Sync v2 works okay and it is not as buggy as they say. Or if you don’t agree with them that adblocker sucks then you don’t know anything about adblockers.
But anyway, you should not care if Brave news happen or not. if you know about them, it is all that should matter. You gotta remember the “Orange Browser Bad” for many, so even if Brave finally implemented everything ahead of Chrome, people would still complain about it.
This is about secure DNS which has been a problem implementing in Chrome since it uses Windows’ DNS vs. the browser’s DNS.
Chredge has it now.
Actually, there were technical issues greater than GUI customization and adblocker speed improvements.
Brave’s new ad blocking algorithm written in Rust is faster but did not circumvent Manifest V3 for extensions. Brave never had a problem with Manifest V3 since they’ve always blocked ads outside the browser, not with extensions.
https://brave.com/improved-ad-blocker-performance/
Hmmm, maybe secure DNS was a bigger challenge…
I have been very pleased with free Quad9 for a long time. Its availability has been 100% for me.
I tried to use Quad9 then saw all the censorship they have in place because of the excuse “protection from malicious domains around phishing, malware, and exploit kit domains.” in the few hours I used it, some sites that shouldn’t be blocked were blocked, while I saw they didn’t remove some other worst site. I guess “not our agenda” category is every where so it doesn’t matter if it is malicious or not, they will still block it if it doesn’t fit an agenda.
But Good luck giving power to these companies that can whitelist and blacklist any website to their convenience on the name of “secure DNS”.
These are part of Chromium.
I can understand adding encrypted DNS to Firefox or other Chrome-based browsers. A little. Seeing it in Edge makes no sense to me, however.
Edge comes with Windows, Microsoft! You remember Windows – your operating system. Make the change in Windows, and the user can control the system’s operation for all applications. This app-by-app division is insane.
Have they solved the bug (I assume/hope) where Edge plants 1st-party cookies from MSN on every page you visit when using the browser? I discovered that by accident the other evening when using YouTube Music and thought it was weird that nestled amongst the Google 1st-part cookies (expected behavior) was a “MSN” cookie.
I then went to other websites I commonly visit and found it was consistent. A clean install of Edge did not result in any change in this behavior. I know privacy using a Google or Microsoft project is a fool’s errand, but if this is intended behavior on Microsoft’s part Edge is somehow worse than Chrome when it comes to privacy. No small feat to earn that distinction.
@Mike W.
Join the Ungoogled Chromium / Brave / Vivaldi camp, it’s the only way out. Well, either that or constantly modifying Firefox / fixing Mozilla’s nonsense. Chrome / Edge / Opera are out of the question if you want privacy.
By the way, I don’t see the point in using Chrome / Edge / Opera over something more sane like Brave / Vivaldi, they are all based on Chromium, there is no advantage to the former.
@Iron Heart
Brave is my default. I have tried Vivaldi in the recent past, but the number of bugs that I ran into led me to drop it. Brave is rock solid now, and Brave Shields is now on-par with uBlock Origin in terms of effectiveness.
Edge exists on my PC as as a backup to Brave. I find Microsoft more palatable than Google in terms of privacy (generally) and Edge blows Firefox away in terms of performance. I’m not pleased with the cookie issue I mentioned above, but overall Edge is a lot better than Chrome.
@Mike W.
As for Edge – a recent study undertaken by an employee of the Trinity College, Dublin, has shown that Edge is more or less on par with Chrome as far as privacy violations go. In their summary, they point out that it even creates a hardware UUID, trackable across installations, which not even Chrome does.
Vivaldi / Brave / Ungoogled Chromium / Bromite remove connections to Google servers – Microsoft does as well, but contrary to the former, MS replaces those Google servers with their own ones, making Edge problematic.
I have heard that Edge is a good browser in terms of getting the job done (and might thus be good as a backup if you don’t trust it with your usual browsing), though honestly, so are Opera and Chrome and Brave and Vivaldi and Firefox and Safari and… Since they are all working at a fundamental level, details like privacy become more prevalent. :)
And yeah, Brave gang unite! We are legion, lol. :D
thanks work for my browser edeg