If you have been waiting to try DNS over HTTPS (DoH) on Windows 10, you're in luck: the first testable version is now available to Windows Insiders! If you haven’t been waiting for it, and are wondering what DoH is all about, then be aware this feature will change how your device connects to the Internet and is in an early testing stage so only proceed if you’re sure you’re ready. Having said that, if you want to see the Windows DoH client in action and help us create a more private Internet experience for our customers, here is what you need to do:
First, make sure your Microsoft account is part of the Windows Insider Program. If you know you are already a Windows Insider, make sure you are in the Fast ring and go to Step 2. If not, go here and follow the instructions for the Fast ring so you can get the latest Insider Preview build.
Once this is done, run Windows Update, reboot, and verify you’re running Build 19628 or higher. You can do this by clicking here or by going to the Settings app -> System -> About.
Once you know your Windows install has our DoH client, we need to activate it. You can do that by:
- Downloading and running the attached Enable_DNS_over_HTTPS_in_Windows10.reg file
OR
- Opening the Registry Editor
- Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters registry key
- Create a new DWORD value named “EnableAutoDoh”
- Set its value to 2
Please note: the registry keys and values described here are only for enabling DoH client testing on Insider builds. When the DoH client is made available in general release builds, registry configuration of DoH will not be supported.
Now that the DoH client is active, Windows will start using DoH if you already have one of these servers configured:
Server Owner   Server IP addresses
Cloudflare     1.1.1.1
               1.0.0.1
               2606:4700:4700::1111
               2606:4700:4700::1001
Google         8.8.8.8
               8.8.4.4
               2001:4860:4860::8888
               2001:4860:4860::8844
Quad9          9.9.9.9
               149.112.112.112
               2620:fe::fe
               2620:fe::fe:9
You can configure Windows to use any of these IP addresses as a DNS server through the Control Panel or the Settings app. The next time the DNS service restarts, we’ll start using DoH to talk to these servers instead of classic DNS over port 53. The easiest way to trigger a DNS service restart is by rebooting the computer.
How to Change IPv4 and IPv6 DNS Server Address in Windows
To add a DNS server in the Control Panel:
- Go to Network and Internet -> Network and Sharing Center -> Change adapter settings.
- Right click on the connection you want to add a DNS server to and select Properties.
- Select either “Internet Protocol Version 4 (TCP/IPv4)” or “Internet Protocol Version 6 (TCP/IPv6)” and click Properties.
- Ensure the “Use the following DNS server addresses” radio button is selected and add the DNS server address into the fields below.
Now that you have Windows configured to use DoH, you should be able to verify it’s working by seeing no more plain text DNS traffic from your device. You can do this by using PacketMon (pktmon), a network traffic analyzer included with Windows.
You can also check how secure your browsing experience is at:
Cloudflare Browsing Experience Security Check
Start by opening a new Command Prompt or PowerShell window. Run the following command to reset any network traffic filters PacketMon may already have in place.
pktmon filter remove
Run the following command to add a traffic filter for port 53, the port classic DNS uses (and which should now be silent since we’re only using DoH).
pktmon filter add -p 53
Run the following command to start a real-time logging of traffic. All port 53 packets will be printed to the command line. If your device is only configured with DoH servers, this should show little to no traffic.
pktmon start --etw -m real-time
If you’re trying to test a DoH server that isn’t already on our auto-promotion list, such as your ISP’s DoH servers, you can add it to our list manually using the command line. First, identify the IP address and the DoH URI template for the server you want to add. Then, run the following command as an administrator:
netsh dns add encryption server=<your-server’s-IP-address> dohtemplate=<your-server’s-DoH-URI-template>
You can verify the template was applied to the well-known DoH server list by running this command, which should show you the template being used for a given IP address:
netsh dns show encryption server=<your-server’s-IP-address>
Now when Windows is configured to use that IP address as a DNS server, it will use DoH instead of classic DNS.
Source: https://techcommunity.microsoft.com/...s/ba-p/1381282
Change IPv4 and IPv6 DNS Server Address in Windows
How to Enable or Disable DNS over HTTPS (DoH) in Microsoft Edge
How to Enable or Disable DNS over HTTPS (DoH) in Google Chrome
How to Enable or Disable DNS over HTTPS (DoH) in Firefox
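The steps above (registry switch, DNS server assignment, optional netsh template, PacketMon leak check) collected into one elevated PowerShell script. This is an added example for this thread, not code from the Microsoft post or from the forum members; the adapter name 'Ethernet', the custom resolver 10.0.0.53 and its template https://doh.example.net/dns-query are placeholder assumptions you must replace, and the registry step only applies to the Insider builds the post describes.

```powershell
# Added example (not from the Microsoft post): enable the Insider-build DoH client,
# point an adapter at a DoH-capable resolver, and check for port-53 leaks with pktmon.
# Run from an elevated PowerShell window on Build 19628 or higher.
# Assumptions (not stated on the page): the adapter alias 'Ethernet', the custom
# resolver 10.0.0.53 and its DoH URI template are placeholders.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$Adapter      = 'Ethernet'                            # assumption: your adapter alias
$DohServers   = @('1.1.1.1', '1.0.0.1')               # on the built-in auto-promotion list
$CustomServer = '10.0.0.53'                           # assumption: a resolver not on that list
$CustomTpl    = 'https://doh.example.net/dns-query'   # assumption: its DoH URI template

# 1. Test-only switch from the post (Insider builds only; unsupported in release builds).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
New-ItemProperty -Path $key -Name 'EnableAutoDoh' -PropertyType DWord -Value 2 -Force | Out-Null
"EnableAutoDoh = $((Get-ItemProperty -Path $key).EnableAutoDoh)"   # should read 2

# 2. Optional: register a resolver that is not on the well-known list, then verify it.
netsh dns add encryption "server=$CustomServer" "dohtemplate=$CustomTpl"
netsh dns show encryption "server=$CustomServer"

# 3. Point the adapter at DoH-capable resolvers. Swap $CustomServer in here once its
#    template is registered; Windows only upgrades IPs it has a template for.
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DohServers
Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4

# 4. DoH is picked up when the DNS Client service restarts. Dnscache frequently
#    refuses to stop on current builds; if so, reboot before running the check.
try   { Restart-Service -Name Dnscache -Force }
catch { Write-Warning "Could not restart Dnscache ($_). Reboot, then rerun step 5." }

# 5. Leak check. Capture only port 53, flush the cache so lookups really hit the
#    network, resolve a few names through the OS resolver, then format the trace.
#    Resolve-DnsName uses the DNS Client service, so DoH applies to it. nslookup
#    builds its own UDP/53 query and bypasses the service, so it always shows up
#    here even when DoH is working; do not use it as evidence either way.
pktmon filter remove | Out-Null
pktmon filter add -p 53 | Out-Null
pktmon start --etw | Out-Null            # logs to PktMon.etl in the current directory
Clear-DnsClientCache
'example.com', 'microsoft.com', 'cloudflare.com' |
    ForEach-Object { Resolve-DnsName -Name $_ -Type A -DnsOnly | Out-Null }
pktmon stop | Out-Null
pktmon format .\PktMon.etl -o .\dns53.txt | Out-Null

# Assumption: pktmon format writes one line per captured packet; because the filter
# admitted only port 53, any non-empty line is a plaintext DNS packet.
$leaks = @(Get-Content .\dns53.txt | Where-Object { $_.Trim() -ne '' }).Count
if ($leaks -eq 0) {
    'No port-53 traffic captured: the resolver is being reached over DoH.'
} else {
    "$leaks port-53 packet line(s) captured: plaintext DNS is still leaking." +
    ' Check every adapter (VPN, Wi-Fi, vEthernet) and the template shown in step 2.'
}
```

Two things the script makes visible that the post does not spell out: lookups that are answered from the resolver cache generate no traffic at all, so the cache is cleared before the test, and every active adapter has its own DNS server list, so a second adapter still set to a non-DoH resolver will keep emitting plaintext queries regardless of the one you configured.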
when I enter 'pktmon start --etw -l real-time' I get this error:
C:\WINDOWS\system32>pktmon start --etw -l real-time
Error: Parameter '-l' modifies parameter '--provider'.
About time, but still, doing it over DNS Cache, that is just so wrong. Securing DNS with an insecure service?!
I would expect DNS Cache to be deprecated and not encouraged. Maybe in another 10 years, MS needs time.
I set everything up as shown. I used the downloaded file to make the Reg changes. When I run this command pktmon start --etw -m real-time in PowerShell I get a list that just keeps on scrolling.
cmd correction is OK now. The reg tweak gives a clearer picture of DoH encryption compared to the FF option.
Displays outbound traffic. cmd must be closed for further investigations.
Code:
C:\Windows\system32>pktmon filter remove
Removed all filters.

C:\Windows\system32>pktmon filter add -p 53
Filter added.

C:\Windows\system32>pktmon start --etw -m real-time
Collected Data:         Packet counters, packet capture
Capture Type:           All packets
Monitored Components:   All
Packet Filters:
  #  Name     Port
  -  ----     ----
  1  <empty>  53
Processing...
Works fine here and a nice addition.
Code:
C:\Windows\system32>pktmon start --etw -m real-time
Packet Monitor is already started.

C:\Windows\system32>netsh dns add encryption server=1.1.1.1 dohtemplate=google.com

C:\Windows\system32>netsh dns show encryption server=1.1.1.1

Encryption settings for 1.1.1.1:
----------------------------------------------------------------------
DNS-over-HTTPS template : google.com

C:\Windows\system32>nslookup google.com
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:400b:809::200e
          172.217.164.206

C:\Windows\system32>nslookup tenforums.com
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    tenforums.com
Addresses:  2606:4700:20::681a:cc3
          2606:4700:20::681a:dc3
          104.26.12.195
Edit: Tested in FF stable only with DoH OFF.
Last edited by MikeMecanic; 16 May 2020 at 18:42.
I don't think it was working on my desktop so I deleted the entry in the registry.