Microsoft

If you have been waiting to try DNS over HTTPS (DoH) on Windows 10, you're in luck: the first testable version is now available to Windows Insiders! If you haven’t been waiting for it, and are wondering what DoH is all about, then be aware this feature will change how your device connects to the Internet and is in an early testing stage, so only proceed if you’re sure you’re ready. Having said that, if you want to see the Windows DoH client in action and help us create a more private Internet experience for our customers, here is what you need to do:

Step 1: How do I get a Windows build with DoH support?

First, make sure your Microsoft account is part of the Windows Insider Program. If you know you are already a Windows Insider, make sure you are in the Fast ring and go to Step 2. If not, go to https://insider.windows.com/ and follow the instructions for the Fast ring so you can get the latest Insider Preview build.

Once this is done, run Windows Update, reboot, and verify you’re running Build 19628 or higher. You can do this by going to the Settings app -> System -> About.

Step 2: How do I turn on the DoH feature?

Once you know your Windows install has our DoH client, we need to activate it. You can do that by:

  • Opening the Registry Editor
  • Navigating to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters registry key
  • Creating a new DWORD value named “EnableAutoDoh”
  • Setting its value to 2

Please note: the registry keys and values described here are only for enabling DoH client testing on Insider builds. When the DoH client is made available in general release builds, registry configuration of DoH will not be supported.

Step 3: How do I add DoH servers to Windows?

Now that the DoH client is active, Windows will start using DoH if you already have one of these servers configured:

| Server Owner | Server IP addresses |
| --- | --- |
| Cloudflare | 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001 |
| Google | 8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844 |
| Quad9 | 9.9.9.9, 149.112.112.112, 2620:fe::fe, 2620:fe::fe:9 |

You can configure Windows to use any of these IP addresses as a DNS server through the Control Panel or the Settings app. The next time the DNS service restarts, we’ll start using DoH to talk to these servers instead of classic DNS over port 53. The easiest way to trigger a DNS service restart is by rebooting the computer.

To add a DNS server in the Control Panel:

  • Go to Network and Internet -> Network and Sharing Center -> Change adapter settings.
  • Right click on the connection you want to add a DNS server to and select Properties.
  • Select either “Internet Protocol Version 4 (TCP/IPv4)” or “Internet Protocol Version 6 (TCP/IPv6)” and click Properties.
  • Ensure the “Use the following DNS server addresses” radio button is selected and add the DNS server address into the fields below.
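
A read-only check of Steps 1 to 3, as an added example that is not part of the original post: it reports the build number, the EnableAutoDoh value, and whether each configured DNS server is on the auto-promotion list above. The names `$AutoPromoted` and `Get-DohOwner` are hypothetical; the server list is copied from the table in this step.

```powershell
# Added example (not from the original post). Read-only: it changes nothing.
# Server list copied from the table in Step 3; names below are hypothetical.
$AutoPromoted = @{
    Cloudflare = '1.1.1.1', '1.0.0.1', '2606:4700:4700::1111', '2606:4700:4700::1001'
    Google     = '8.8.8.8', '8.8.4.4', '2001:4860:4860::8888', '2001:4860:4860::8844'
    Quad9      = '9.9.9.9', '149.112.112.112', '2620:fe::fe', '2620:fe::fe:9'
}

function Get-DohOwner {
    param([Parameter(Mandatory)][string]$Address)
    # Compare parsed addresses so differently written IPv6 forms still match.
    $ip = [System.Net.IPAddress]::Parse($Address)
    foreach ($owner in $AutoPromoted.Keys) {
        foreach ($known in $AutoPromoted[$owner]) {
            if ($ip.Equals([System.Net.IPAddress]::Parse($known))) { return $owner }
        }
    }
    return $null
}

# Step 1: the DoH client needs Build 19628 or higher.
$build = [System.Environment]::OSVersion.Version.Build
'Build {0}: {1}' -f $build, $(if ($build -ge 19628) { 'ok' } else { 'below 19628' })

# Step 2: EnableAutoDoh must be present and set to 2.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$doh = (Get-ItemProperty -Path $key -Name EnableAutoDoh -ErrorAction SilentlyContinue).EnableAutoDoh
'EnableAutoDoh: {0}' -f $(if ($null -eq $doh) { 'not set' }
                          elseif ($doh -eq 2) { '2 (ok)' }
                          else { "$doh (expected 2)" })

# Step 3: list every configured DNS server and whether it is on the list above.
Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($server in $_.ServerAddresses) {
            $owner = Get-DohOwner -Address $server
            [pscustomobject]@{
                Interface = $_.InterfaceAlias
                Server    = $server
                Listed    = [bool]$owner
                Owner     = $owner
            }
        }
    } | Format-Table -AutoSize
```

A server reported as not listed may still have been registered with the netsh command in Step 5; this check compares only against the table above.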

 

Step 4: How do I know DoH is working?

 

Now that you have Windows configured to use DoH, you should be able to verify it’s working by seeing no more plain text DNS traffic from your device. You can do this by using PacketMon, a network traffic analyzer included with Windows.

Start by opening a new Command Prompt or PowerShell window. Run the following command to reset any network traffic filters PacketMon may already have in place.

 

pktmon filter remove

 

Run the following command to add a traffic filter for port 53, the port classic DNS uses (and which should now be silent since we’re only using DoH).

 

pktmon filter add -p 53

 

Run the following command to start real-time logging of traffic. All port 53 packets will be printed to the command line. If your device is only configured with DoH servers, this should show little to no traffic.

 

pktmon start --etw -m real-time

 

Step 5: How do I use a DoH server that isn’t on the auto-promotion list?

 

If you’re trying to test a DoH server that isn’t already on our auto-promotion list, such as your ISP’s DoH servers, you can add it to our list manually using the command line. First, identify the IP address and the DoH URI template for the server you want to add. Then, run the following command as an administrator:

 

netsh dns add encryption server=<your-server’s-IP-address> dohtemplate=<your-server’s-DoH-URI-template>

 

You can verify the template was applied to the well-known DoH server list by running this command, which should show you the template being used for a given IP address:

 

netsh dns show encryption server=<your-server’s-IP-address>

 

Now when Windows is configured to use that IP address as a DNS server, it will use DoH instead of classic DNS.

20 Comments
Honored Contributor

This is great! It's nice to see this feature built into Windows! Thanks :smile:

Senior Member

Keep up the excellent work. Thanks.

Awesome addition to Windows! Thanks 

Occasional Visitor

Could add NextDNS?

 

Its IP range 45.90.28.0 - 45.90.28.255 and DoH address is https://dns.nextdns.io/

Occasional Visitor

If this gets enabled by default in the future, will there ever be a way for networks to opt-out like Firefox's canary domain? I have a local Pi-hole which already uses DNS-over-TLS and would very much like to not have to change settings in every Windows machine for it to be effective.

Regular Visitor

I have second vote on NextDNS above!!!

Senior Member

Tested in combination with Chrome 84.0.4144.2 - browser cannot be used. Horrible lags and hangs.

Regular Visitor

I think there might be a small error.  This:

pktmon start --etw -l real-time

should be:

pktmon start --etw -m real-time

 

Microsoft

@Jonathan Kay Thank you very much, you're absolutely right! I've edited the post accordingly so nobody gets misled going forward.

 

For those interested in using other DNS providers with DoH: please ask your providers to reach out to us as this is a pilot feature not intended as a mechanism for supporting every DoH server out there. Please note you are free to follow the instructions at the end of the blog post to add whichever DoH server you want to use to your own system for auto-promotion. That way, say you want to use NextDNS as two comments so far have mentioned, you can run the "netsh dns ..." commands to register a NextDNS entry for DoH.

 

@shurkistan I'm sorry to hear that. When I fresh install Chrome Dev, I get 84.0.4143.7 and it seems to work on par with all the non-dev browser versions. Do you see the problem on a non-dev browser channel as well?

Frequent Visitor

I think there might be a small error.  This:

pktmon start --etw -l real-time

should be:

pktmon start --etw -m real-time

Neither one works. 

Unknown parameter 'real-time'. See pktmon start help.

Regular Visitor

Nice.  Added my "personal nextdns" IP/identifier, tested and confirmed it's using DNS over HTTPS.  NextDNS page shows it as active.  :)

Occasional Visitor

Should the instructions be changed from:

  • Select either “IPv4” or “IPv6” and click Properties.
  • Ensure the “Use the following DNS server addresses” radio button is selected and add the DNS server address into the fields below.

To:

  • Select IPv4 and click Properties
  • Ensure the "Use the following DNS ..."
  • Select IPv6 and click Properties
  • Ensure the "Use the following DNS ..."

Occasional Visitor

This will not show up being default on, will it? DoH is a huge misguided mistake that wasn't very well thought out and I have no intention of ever using it if I can avoid it.

Contributor

DoH often breaks with captive portals or even some networks that explicitly block it.  Will there be an easy way to turn it on or off without having to manually revert the settings?

 

While having per-adapter DNS settings may be useful, this is far from usable.  How about a top level setting in the Network & Internet settings page to enable or disable DNS and to select a known provider or custom servers which get applied across all network connections.  It should be as easy and usable as the 1.1.1.1 mobile app and the Android Private DNS Mode setting.

Senior Member

@tojens Most likely, the problem was on the browser's side. With the new browser version, no lags. I'll keep watching. Thank you!

Occasional Visitor

Very good. Congratulations!!

I have configured my Windows correctly, nothing is logged when browsing internet from Edge, but when doing an nslookup from a command prompt, the query is still done using simple DNS 53. Is it a normal behavior?

Visitor

I also experience lags and hangs with latest Edge canary (build 84.0.516.0)

I tried to disable/enable the custom flag for secure DNS inside Edge but it doesn't change anything.

Had to remove DoH registry key, too bad...

Microsoft

@Laurent MILTGEN this is expected because nslookup doesn't use the platform DNS resolver. You can read more about the details of troubleshooting DNS client behavior here: https://docs.microsoft.com/en-us/windows-server/networking/dns/troubleshoot/troubleshoot-dns-client

 

To make queries with the platform resolver, please use the Resolve-DnsName cmdlet: https://docs.microsoft.com/en-us/powershell/module/dnsclient/resolve-dnsname?view=win10-ps

Occasional Visitor

Works well with regular Windows actions. WSL and WSL2 in default configuration. Both still work in the clear.