TIL: No DoH in Windows DNS Server

Disappointed to find that Windows DNS Server doesn’t seem to support DNS over HTTPS. I was setting up access to one of our systems using a loopback or hairpin NAT policy but found out it couldn’t be done that way, so I decided to set it up as a local DNS entry to direct us to an internal resource.

After setting that up, I noticed getting to the resource was incredibly slow by name and fast by IP. The browser's web dev tools also let me know that DNS was to blame. I didn’t understand why my local DNS would be responding so slowly, but remembered that Firefox and other browsers now use DoH (DNS over HTTPS).

DoH!

Did a quick search and confirmed that this is something that happens and you can exclude specific domains from DoH: https://www.thewindowsclub.com/remove-specific-domains-from-firefox-dns-over-https

In the Firefox address bar, type: about:config
Accept the warning that you know what you are doing, then in the search box type: network.trr.excluded-domains

Click the pencil and add the domain in question. Refresh the webpage and it should load much faster.

After doing this, the page loaded very quickly.

No DoH!

Opting out of DoH entirely is probably not a wise security stance, so keeping this limited to internal and necessary hosts seems acceptable.
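The same exclusion, pushed fleet-wide instead of edited by hand in about:config: this is an added example (not from the original post) of a Firefox enterprise policies.json that keeps DoH enabled and excludes only one internal zone. corp.example.internal is a placeholder for your internal domain; the DNSOverHTTPS.ExcludedDomains policy key corresponds to the network.trr.excluded-domains preference used above.

```json
{
  "policies": {
    "DNSOverHTTPS": {
      "Enabled": true,
      "Locked": false,
      "ExcludedDomains": [
        "corp.example.internal"
      ]
    }
  }
}
```

Setting "Enabled" to false here would be the blanket opt-out the paragraph above argues against; with this policy, names in the listed zone go to the system (internal) resolver and everything else stays on DoH.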
