Windows 10 now also offers encrypted DNS

Windows 10 now also offers encrypted DNS

New York, 17.5.2020

With build 19628 and higher, Windows 10 users can encrypt their DNS traffic to prevent a hacker from spying on browsing targets. For the time being, only those persons who are in the Fast Ring and thus receive the weekly updates with new functions can test this. But even these persons still have to switch on DoH.

Background: currently, every page name typed in the browser is sent in plain text to DNS servers, where it is translated into IP addresses and then forwarded – so it’s easy for DNS hijackers. They simply redirect the input to dangerous websites.

For some time now, the encrypted DNS query technique DNS over HTTPS (DoH) has been available as a solution. Windows would then route all DNS queries over encrypted HTTP connections.

With the 19628 build, users still have to activate this function manually via the registry and specify a DNS server in the Windows settings. Microsoft explains how to do this in its network blog.

If you want to test the DNS over HTTPS in build 19628.1 – proceed as follows: The option can be found in the key „HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters.“
After right-clicking with the mouse, create a new DWORD entry with the name „EnableAutoDoh“. Set the value to „2“.
However, DoH will only work if an additional DNS service for Windows has been configured that supports the encryption of DNS requests. As examples Microsoft mentions in a v the services of Cloudflare, Google and Quad9.