Disable Secure DNS (DNS over HTTPS) for WebView2 embedded browser

[schikura]

By default, the WebView2 embedded browser is using Secure DNS for DNS query resolutions, which I do not want.

And, I am not able to find any configurable way to disable the Secure DNS(DNS over HTTPS).

Is there anyway this can be done programmatically using CoreWebView2 SDK?

[victorthoang]

hello @schikura,

Could you provide a brief explanation of what you are trying to accomplish by disabling Secure DNS?

By default, we don't have a way to programmatically disable this (mostly to keep our philosophy of having webview behave similary to Edge and lightweight).

[schikura]

Hi @victorthoang ,

Thanks for the response.
We have some product use cases where parsing of the DNS responses is critical.
We need a programmatical way to enable/disable Secure DNS.

[victorthoang]

Hello @schikura,

I've included @LiangTheDev to weigh in on this question for some further discussion. It sounds like what you are trying to accomplish simply doesn't exist with wv2 today and might be worth pursuing if there is a strong use case among the industry.

[erik-anderson]

We're interested in better understanding your scenario to make sure that what we put on the backlog will appropriately meet your use case.

Where are you parsing the DNS requests/responses? On-client or off-client on the network? Is this for a network protection scenario?

If on-client by leveraging some OS DNS diagnostics, then I should also note that the browser platform has the ability to use its own DNS client which is used in certain contexts; in the Edge browser it currently defaults to using the OS's DNS client on Windows, but on Mac it uses its own resolver.

If you're inspecting packets off-client, then you potentially need to evaluate future OS DNS client changes which may cause the OS resolver to also use a secure DNS mechanism (e.g. see https://learn.microsoft.com/en-us/windows-server/networking/dns/doh-client-support).

Is this something you need to do only in an enterprise/managed device context or is your hosting application something that would be used in a non-enterprise-managed environment?

It would be reasonable to expose the ability to turn off DNS-over-HTTPS for WebView2 hosts, but the best way to handle that may be an enterprise policy that affects WebView2 hosts. Similarly, a mechanism for controlling if the built-in vs OS DNS client gets used might also be needed for your scenario.