Microsoft introduces Secure DNS controls in Edge Canary browser
Microsoft released a new version of Microsoft Edge Canary recently that introduces support for Secure DNS in the browser. Microsoft Edge Canary is the cutting edge development version of the web browser, similarly to how Chrome Canary is the cutting edge version of Google's web browser.
Features land in Edge Canary first before they are pushed to Beta and then eventually to Stable versions of the browser. Secure DNS is Microsoft's implemention of DNS-over-HTTPS, a technology to encrypt DNS traffic. The domain name system DNS is used for a variety of purposes including translating domain names to IP addresses. Any request made in the Internet browser, and may requests made by other programs with Internet connectivity, rely on DNS.
Unencrypted DNS lookups mean that Internet Service Providers and other third-parties may see, record, or even manipulate these requests. DNS-based blocking is still a common form of preventing access to some Internet services in some regions of the world. While it is not very effective, as switching DNS provider is often enough to circumvent the ban, it highlights the powerful nature of DNS.
Microsoft introduces support for encrypted DNS in Windows 10 earlier this month. The feature is available in development versions of Windows 10 currently but it will make its way soon in the stable version of Windows 10 as well.
Many browser makers, Mozilla and Google need to be mentioned specifically here, have implemented support for DNS-Over-HTTPS in their browsers. Microsoft follows Google's implementation of the feature in Chrome as it decided that it would not switch the DNS provider by default. While that is arguably better than changing the DNS provider to another one automatically, it means that some users may not benefit from the feature; this is the case if the active DNS service provider does not support secure DNS. Most ISPs don't support the feature right now, for example.
Configure Secure DNS in Microsoft Edge
Secure DNS is enabled by default in Microsoft Edge Canary. It is likely that the feature will also be enabled in Beta and Stable releases once it reaches these as nothing will change for the user as the active DNS service provider will still be used by default (either with Secure DNS supported or not supported).
The default setting uses the active DNS service provider but secure DNS is only used if the provider supports it. You can use a third-party site to check if your browser supports Secure DNS and if the active Service Provider does, too.
To configure Secure DNS in Edge, do the following:
- Select Menu > Settings > Privacy, search and services, or load edge://settings/privacy directly in the browser's address bar.
- Scroll down to the Security section on the page.
- The setting "Use secure DNS to specify how to lookup the network address for websites" can be toggled on or off there; it should be on by default and the feature should be set to "use current service provider".
You may want to switch to "choose a service provider" instead if the active service provider does not support secure DNS. Another option that you have is to change the system's DNS configuration to set it to a service provider that supports secure DNS. The main difference is that the former enables secure DNS only in Edge while the latter may enable it for other browsers and Internet programs as well.
Back to Microsoft Edge. When you switch to "choose a service provider" you are presented with a list of providers to choose from. Just click in the empty field and select one of the four available providers: Quad9, Cloudflare, CleanBrowsing, Google.
You may also select a custom provider that is not integrated by default by pasting the DNS server address into the box.
Now You: Do you use secure DNS already or do you plan to?Advertisement