Microsoft is set to enhance security within Windows Server 2025 by introducing DNS over HTTPS (DoH). This new feature, which allows for encrypted DNS traffic, has long been available on Windows client editions, and its extension to server versions marks a significant move in improving network safety.
Historically, the Domain Name System (DNS) has operated on unencrypted traffic, making it vulnerable to eavesdropping and tampering. Microsoft’s DoH implementation aims to address these weaknesses by encrypting communications between clients and servers using HTTPS secured with TLS certificates. This added layer of security is part of Microsoft’s broader "Zero Trust" architecture, which operates on the premise that no user or device can be inherently trusted.
With nearly every service and application relying on DNS, the switch to encrypted traffic could help protect sensitive information from potential malicious third parties. The IETF DNS over HTTPS standard (RFC 8484) guides Microsoft’s implementation to ensure compatibility with modern clients adhering to the specification. It will work alongside existing infrastructure, allowing organizations to gradually adopt DoH without disrupting their current unencrypted DNS services.
After testing the preview version with outside organizations, Microsoft reports confidence that the DoH feature will deliver substantial security benefits while minimizing additional responsibilities for system administrators. Organizations can implement it at their own pace while still maintaining their current DNS operations.
The feature will be available for Windows Server 2025 systems that have been updated with the latest Patch Tuesday releases. A detailed guide for enabling and validating DoH is provided by Microsoft, which notes that traffic exchanged between two DNS servers will remain unencrypted under this new implementation.
For more information, you can check out the official Microsoft announcement on DoH.