• 13/06/2022
• homesmartjp

Trying DoH encryption when using public DNS, now possible with Windows 11

DoH appears in the network adapter settings

In Windows 10, DoH was available only as an option in Edge; in Windows 11 it has become a setting of each network adapter.

The per-adapter DoH setting available in Windows 11. When it is enabled, the DNS item is shown as "Encrypted".

This lets web browsers and apps other than Edge use DoH for name resolution, so name resolution through a public DNS server can be encrypted.

Trying DoH encryption when using public DNS, now possible with Windows 11

DoH is a mechanism that uses HTTPS to encrypt DNS queries and responses. With conventional DNS, to learn the IP address "202.218.128.207" that is the actual communication destination for the host name "watch.impress.co.jp", the host name "watch.impress.co.jp" is sent to the DNS server in plaintext. DoH encrypts this exchange.

Conventional DNS and encryption with DoH

There are two ways to encrypt DNS communication: DNS over TLS (DoT) and DNS over HTTPS (DoH).

DoT uses TLS to encrypt DNS exchanges over port 853. It is generally used as an OS-wide mechanism rather than for the communication of one specific app, but Windows 11 does not support it.

DoH, on the other hand, uses HTTPS to encrypt DNS exchanges over port 443. It has so far been provided as a web browser feature, but in Windows 11 it can be applied to the entire OS as an adapter setting.

DoT may be blocked by firewalls because it uses port 853, whereas DoH uses the same port 443 as ordinary HTTPS, so it can be used in most environments.
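As an added example (not code from the article), the following Python shows what the difference amounts to on the wire: the same RFC 1035 query message that conventional DNS sends in plaintext over UDP port 53 is, with DoH, carried inside HTTPS as an RFC 8484 request; the host name and address are the article's, the resolver URL `dns.example` is a placeholder, and the reply is constructed locally.

```python
import base64
import struct

# Sample values from the article: the host name and the IPv4 address it resolves to.
HOST = "watch.impress.co.jp"
EXPECTED_IP = "202.218.128.207"


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Wire-format DNS A query (RFC 1035): 12-byte header + one question.
    Conventional DNS sends exactly these bytes unencrypted on UDP port 53,
    so the labels 'watch', 'impress', 'co', 'jp' are visible on the path."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def doh_get_url(query: bytes, resolver: str = "https://dns.example/dns-query") -> str:
    """RFC 8484 GET form: the same bytes, base64url without '=' padding, sent
    over HTTPS (TCP 443) so the host name travels inside TLS. dns.example is a placeholder."""
    return f"{resolver}?dns={base64.urlsafe_b64encode(query).rstrip(b'=').decode()}"


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + ln


def parse_a_answers(msg: bytes) -> list:
    """IPv4 addresses from the answer section of a wire-format reply (DoH
    returns this same format as the HTTP body, content-type application/dns-message)."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QNAME, QTYPE, QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return ips


def constructed_response(query: bytes) -> bytes:
    """Constructed reply to build_query(): same ID, QR/RD/RA set, one A record
    whose name is a pointer (0xC00C) back to the question at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(o) for o in EXPECTED_IP.split("."))
    return header + query[12:] + answer
```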

Note also that DoH encrypts only the communication between the client and the resolver, that is, the exchange with the public DNS server (e.g. 8.8.8.8 or 1.1.1.1). If that server cannot answer from its cache, the exchange between the resolver and the authoritative server where the record is actually registered takes place in plaintext.

Whether the communication beyond the resolver (the public DNS server) is encrypted is a separate matter