Windows 10 Insiders can now test DNS over HTTPS

    Category: Insider
    Last Updated: 17 May 2020 at 13:10

    If you have been waiting to try DNS over HTTPS (DoH) on Windows 10, you're in luck: the first testable version is now available to Windows Insiders! If you haven’t been waiting for it, and are wondering what DoH is all about, then be aware this feature will change how your device connects to the Internet and is in an early testing stage so only proceed if you’re sure you’re ready. Having said that, if you want to see the Windows DoH client in action and help us create a more private Internet experience for our customers, here is what you need to do:

    First, make sure your Microsoft account is part of the Windows Insider Program. If you know you are already a Windows Insider, make sure you are in the Fast ring and go to Step 2. If not, go here and follow the instructions for the Fast ring so you can get the latest Insider Preview build.

    Once this is done, run Windows Update, reboot, and verify you’re running Build 19628 or higher. You can do this by clicking here or by going to the Settings app -> System -> About.

    Once you know your Windows install has our DoH client, we need to activate it. You can do that by:

    • Download Enable_DNS_over_HTTPS_in_Windows10.reg

    OR

    • Open the Registry Editor
    • Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters registry key
    • Create a new DWORD value named “EnableAutoDoh”
    • Set its value to 2

    Please note: the registry keys and values described here are only for enabling DoH client testing on Insider builds. When the DoH client is made available in general release builds, registry configuration of DoH will not be supported.



    Now that the DoH client is active, Windows will start using DoH if you already have one of these servers configured:

    Server Owner   Server IP addresses
    ------------   --------------------
    Cloudflare     1.1.1.1
                   1.0.0.1
                   2606:4700:4700::1111
                   2606:4700:4700::1001
    Google         8.8.8.8
                   8.8.4.4
                   2001:4860:4860::8888
                   2001:4860:4860::8844
    Quad9          9.9.9.9
                   149.112.112.112
                   2620:fe::fe
                   2620:fe::fe:9

    You can configure Windows to use any of these IP addresses as a DNS server through the Control Panel or the Settings app. The next time the DNS service restarts, we’ll start using DoH to talk to these servers instead of classic DNS over port 53. The easiest way to trigger a DNS service restart is by rebooting the computer.

    How to Change IPv4 and IPv6 DNS Server Address in Windows

    To add a DNS server in the Control Panel:

    • Go to Network and Internet -> Network and Sharing Center -> Change adapter settings.
    • Right click on the connection you want to add a DNS server to and select Properties.
    • Select either “Internet Protocol Version 4 (TCP/IPv4)” or “Internet Protocol Version 6 (TCP/IPv6)” and click Properties.
    • Ensure the “Use the following DNS server addresses” radio button is selected and add the DNS server address into the fields below.

    Now that you have Windows configured to use DoH, you should be able to verify it’s working by seeing no more plain text DNS traffic from your device. You can do this by using Packetmon, a network traffic analyzer included with Windows.

    You can also check how secure your browsing experience is at:

    Cloudflare Browsing Experience Security Check


    Start by opening a new Command Prompt or PowerShell window. Run the following command to reset any network traffic filters PacketMon may already have in place.

    pktmon filter remove

    Run the following command to add a traffic filter for port 53, the port classic DNS uses (and which should now be silent since we’re only using DoH).

    pktmon filter add -p 53

    Run the following command to start a real-time logging of traffic. All port 53 packets will be printed to the command line. If your device is only configured with DoH servers, this should show little to no traffic.

    pktmon start --etw -m real-time

    If you’re trying to test a DoH server that isn’t already on our auto-promotion list, such as your ISP’s DoH servers, you can add it to our list manually using the command line. First, identify the IP address and the DoH URI template for the server you want to add. Then, run the following command as an administrator:

    netsh dns add encryption server=<your-server's-IP-address> dohtemplate=<your-server's-DoH-URI-template>

    You can verify the template was applied to the well-known DoH server list by running this command, which should show you the template being used for a given IP address:

    netsh dns show encryption server=<your-server's-IP-address>

    Now when Windows is configured to use that IP address as a DNS server, it will use DoH instead of classic DNS.


    Source: https://techcommunity.microsoft.com/...s/ba-p/1381282


    Change IPv4 and IPv6 DNS Server Address in Windows

    How to Enable or Disable DNS over HTTPS (DoH) in Microsoft Edge

    How to Enable or Disable DNS over HTTPS (DoH) in Google Chrome

    How to Enable or Disable DNS over HTTPS (DoH) in Firefox

    Posted By: Brink
    13 May 2020
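The steps above (registry flag, auto-promotion list, manual template registration, port-53 check) can be driven from one elevated PowerShell session. The script below is an added example written for this page; it is not part of the original post or of Microsoft's blog. It assumes an Insider build at or above 19628 and an elevated shell, and the custom-server values 192.0.2.53 (a documentation-range address) and https://doh.example.net/dns-query are placeholders to be replaced with a real provider's IP and published DoH URI template. The part worth keeping even after testing is the comparison of configured resolvers against the auto-promotion list: a resolver that is not on that list and has no template registered silently stays on plain DNS over port 53.

```powershell
# Added example, not from the TenForums post or Microsoft's blog.
# Assumes: Windows 10 Insider Build 19628+, elevated PowerShell, and the
# PLACEHOLDER values $CustomDohServer / $CustomDohTemplate below replaced
# with a real provider's DoH server IP and URI template.

#Requires -RunAsAdministrator

$RegPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'

# Step 1: the same DWORD the .reg file sets. Insider builds only; the post
# states registry configuration of DoH will not be supported in GA builds.
New-ItemProperty -Path $RegPath -Name 'EnableAutoDoh' -PropertyType DWord -Value 2 -Force | Out-Null
$flag = (Get-ItemProperty -Path $RegPath -Name 'EnableAutoDoh').EnableAutoDoh
if ($flag -ne 2) { throw "EnableAutoDoh is $flag, expected 2" }

# Step 2: the auto-promotion list from the post. Only these resolvers are
# upgraded to DoH automatically; any other resolver keeps using port 53
# unless a template is registered for it (step 3).
$AutoPromoted = @(
    '1.1.1.1', '1.0.0.1', '2606:4700:4700::1111', '2606:4700:4700::1001',  # Cloudflare
    '8.8.8.8', '8.8.4.4', '2001:4860:4860::8888', '2001:4860:4860::8844',  # Google
    '9.9.9.9', '149.112.112.112', '2620:fe::fe', '2620:fe::fe:9'           # Quad9
)

# Report every configured DNS server and whether it will be promoted.
$configured = Get-DnsClientServerAddress | Where-Object { $_.ServerAddresses.Count -gt 0 }
foreach ($entry in $configured) {
    foreach ($ip in $entry.ServerAddresses) {
        $status = if ($AutoPromoted -contains $ip) { 'auto-promoted to DoH' }
                  else { 'NOT on the list: stays on plain DNS (port 53)' }
        Write-Output ('{0,-30} {1,-25} {2}' -f $entry.InterfaceAlias, $ip, $status)
    }
}

# Step 3: register a template for a server that is not on the list.
# PLACEHOLDERS: 192.0.2.53 is a documentation-range address and the template
# URL is invented; substitute your provider's published DoH URI template.
$CustomDohServer   = '192.0.2.53'
$CustomDohTemplate = 'https://doh.example.net/dns-query'
netsh dns add encryption server=$CustomDohServer dohtemplate=$CustomDohTemplate | Out-Null

# Read the entry back rather than trusting the add command; the
# 'DNS-over-HTTPS template' line must show exactly the template we set.
$shown = netsh dns show encryption server=$CustomDohServer
$templateLine = $shown | Where-Object { $_ -match 'DNS-over-HTTPS template' }
if (-not $templateLine -or $templateLine -notmatch [regex]::Escape($CustomDohTemplate)) {
    throw "Template for $CustomDohServer was not registered: $($shown -join ' ')"
}
Write-Output "Registered: $templateLine"

# Step 4: the DNS service still has to restart (a reboot is the simplest way)
# before DoH is used. After that, watch port 53 with pktmon: with only
# DoH-capable resolvers configured this stream should stay almost empty.
# Real-time mode runs until Ctrl+C.
pktmon filter remove | Out-Null
pktmon filter add -p 53 | Out-Null
pktmon start --etw -m real-time
```

The read-back in step 3 matters because netsh does not validate the template: post #7 below shows dohtemplate=google.com being accepted and stored for 1.1.1.1 even though it is not an HTTPS URI template. Checking the stored string against what you intended catches that kind of mistake before the resolver is relied on.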


  1. Posts : 7,254
    Windows 10 Pro 64-bit
       #1

    when I enter 'pktmon start --etw -l real-time' I get this error:

    C:\WINDOWS\system32>pktmon start --etw -l real-time
    Error: Parameter '-l' modifies parameter '--provider'.


  2. Posts : 5,452
    Windows 11 Home
       #2

    About time, but still, doing it over DNS Cache, that is just so wrong. Securing DNS with an insecure service?!
    I would expect DNS Cache to be deprecated and not encouraged. Maybe in another 10 years, MS needs time.


  3. Posts : 3
    Windows 10
       #3

    swarfega said:
    when I enter 'pktmon start --etw -l real-time' I get this error:
    same here


  4. Posts : 10,741
    Windows 11 Workstation x64
       #4

    swarfega said:
    when I enter 'pktmon start --etw -l real-time' I get this error:
    susahamat said:
    same here
    There was a mistake in the original instructions, it's been fixed now if you want to try again.


  5. Posts : 7,254
    Windows 10 Pro 64-bit
       #5

    Thanks will try that this evening.


  6. Posts : 7,128
    Windows 10 Pro Insider
       #6

    I set everything up as shown. I used the downloaded file to make the Reg changes. When I run this command pktmon start --etw -m real-time in PowerShell I get a list that just keeps on scrolling.


  7. Posts : 1,079
    10 + Linux
       #7

    10.0.19628.1: DoH Feature Manganese First Release


    cmd correction is OK now. The reg tweak gives a clearer picture of DoH encryption compared to the FF option.

    Code:
    C:\Windows\system32>pktmon filter remove
    Removed all filters.
    
    C:\Windows\system32>pktmon filter add -p 53
    Filter added.
    
    C:\Windows\system32>pktmon start --etw -m real-time
    Collected Data:
        Packet counters, packet capture
    Capture Type:
        All packets
    Monitored Components:
        All
    Packet Filters:
         # Name    Port
         - ----    ----
         1 <empty>   53
    Processing...
    Displays outbound traffic. cmd must be closed for further investigations.


    Code:
    C:\Windows\system32>pktmon start --etw -m real-time
    Packet Monitor is already started.
    C:\Windows\system32>netsh dns add encryption server=1.1.1.1 dohtemplate=google.com
    
    C:\Windows\system32>netsh dns show encryption server=1.1.1.1
    Encryption settings for 1.1.1.1:
    ----------------------------------------------------------------------
    DNS-over-HTTPS template     : google.com
    
    C:\Windows\system32>nslookup google.com
    Server:  one.one.one.one
    Address:  1.1.1.1
    
    Non-authoritative answer:
    Name:    google.com
    Addresses:  2607:f8b0:400b:809::200e
              172.217.164.206
    
    C:\Windows\system32>nslookup tenforums.com
    Server:  one.one.one.one
    Address:  1.1.1.1
    
    Non-authoritative answer:
    Name:    tenforums.com
    Addresses:  2606:4700:20::681a:cc3
              2606:4700:20::681a:dc3
              104.26.12.195
    Works fine here and a nice addition.
    Edit: Tested in FF stable only with DoH OFF.
    Last edited by MikeMecanic; 16 May 2020 at 18:42.


  8. Posts : 7,254
    Windows 10 Pro 64-bit
       #8

    Appears to be working nicely.


  9. Posts : 7,128
    Windows 10 Pro Insider
       #9

    I don't think it was working on my desktop so I deleted the entry in the registry.


 
