Updated: June 17, 2024 (June 16, 2024)
Analyst Report
Zero-Trust DNS Intended to Help Keep Windows Secure
- Zero-Trust DNS is a new technology, in preview, intended to improve the privacy and security of DNS on Windows endpoints.
- It works by limiting where those endpoints can connect and the protocols they can use, which improves security but will likely break many scenarios that rely on traditional DNS connections.
- Additional details will likely be discussed later in 2024, but organizations interested in this feature should request to join the private preview.
To help security-conscious organizations secure their Windows infrastructure, Microsoft has released a private preview of Zero-Trust DNS (ZTDNS), which adds standards-based encrypted DNS protocol support to Windows endpoints, together with a new server-side infrastructure that those endpoints communicate with over encrypted channels. Organizations interested in ZTDNS should engage with Microsoft early.

Deployment of the technology is likely to be complicated and could break common networking scenarios, including "captive portals" that intercept network traffic on public networks, Windows network discovery protocols, and specialized protocols such as UPnP and mDNS; it may also carry additional costs once Microsoft publishes licensing and packaging details. ZTDNS is not likely to become a consumer-centric solution anytime soon and will likely make the most sense in highly secure, targeted organizations, including governments in the United States and abroad.