  • DNS over TLS is now available for Windows 11 Insiders, here is how to enable it


    Karlston


    Microsoft rolled out build 25158 in the Windows 11 Dev Channel as well as Windows Server 2022 preview a few hours ago. For the former, this build contains a bunch of new features including different Search styles, notification badges in Widgets, CD ripping in Media Player, and more. Meanwhile, Windows Server 2022 doesn't even have a changelog, as per usual.

     

    One other feature that was briefly mentioned in Microsoft's announcement blog post was DNS over TLS (DoT), which is a networking enhancement now available for Insiders.

     

    If you're wondering what DoT is, it's an alternative to DNS over HTTPS (DoH); both encrypt DNS traffic between the client and the resolver. DoH is already present in both Windows 11 and Windows Server 2022 and routes DNS traffic as an HTTPS stream over port 443. DoT instead routes encrypted DNS traffic over a TLS tunnel on a dedicated port, 853. While DoT offers better network performance in some use cases, you do lose some flexibility offered by DoH.

     

    If all of this sounds interesting to you, here's Microsoft's guidance for enabling DoT, currently available for Windows 11 and Windows Server Insiders with build 25158:

     

    1. Go to Settings -> Network (this should load the view for the current default network connection)
    2. Click on Wi-Fi or Ethernet (likely the top row)
    3. Click "Hardware properties" (likely the bottom row)
    4. On the "DNS server assignment:" row, click the "Edit" button
    5. Turn on the "IPv4" and/or "IPv6" switches
    6. Type the IP address of the DoT server to test into the "Preferred DNS" text box
    7. Save and confirm that " (Unencrypted)" shows up on the "IPv4 DNS servers:" row in the list of configurations near the bottom of this view

     

    Finally, run these commands in Command Prompt with admin privileges:

     

    netsh dns add global dot=yes

     

    netsh dns add encryption server=[the-ip-address-configured-as-the-DNS-resolver] dothost=: autoupgrade=yes

     

    ipconfig /flushdns

     

    It is important to note that port 853 is the only port that can be designated for DoT at this time; custom port configurations are not currently supported.
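
    Before typing a resolver address into step 6, it helps to confirm that the server actually answers DoT on port 853. The probe below is an added example, not code from the article or from Microsoft's guidance; the query name example.com, the transaction ID and the choice to validate the certificate against the resolver's IP address are assumptions of this sketch.

```python
import socket, ssl, struct, sys

DOT_PORT = 853  # per the article, the only port this Windows build accepts for DoT
TXID = 0x1234   # constructed transaction ID for this probe
SAMPLE_RESPONSE_HEADER = struct.pack("!6H", TXID, 0x8180, 1, 1, 0, 0)  # constructed: NOERROR, 1 answer

def build_query(name, qtype=1):
    """DNS query for `name` (qtype 1 = A), recursion desired, one question."""
    header = struct.pack("!6H", TXID, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # class IN

def frame(msg):
    """DoT reuses DNS-over-TCP framing: 2-byte big-endian length, then the message."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(resp):
    """Return (rcode, answer_count); reject anything that is not our response."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!6H", resp[:12])
    if txid != TXID or not flags & 0x8000:  # QR bit must be set
        raise ValueError("not a response to this probe")
    return flags & 0x000F, answers

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def probe_dot(server_ip, name="example.com", timeout=5.0):
    """One A query to server_ip:853 over TLS with full certificate validation."""
    ctx = ssl.create_default_context()  # verifies the chain and the IP against the cert's SANs
    with socket.create_connection((server_ip, DOT_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_ip) as tls:
            tls.sendall(frame(build_query(name)))
            (length,) = struct.unpack("!H", recv_exact(tls, 2))
            rcode, answers = parse_header(recv_exact(tls, length))
            return {"tls": tls.version(), "rcode": rcode, "answers": answers}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe_dot(sys.argv[1]))                # live check: python dot_probe.py <resolver-ip>
    else:
        print(parse_header(SAMPLE_RESPONSE_HEADER))  # offline: constructed response header
```

    A connection, TLS or certificate error from the live check means the address is not serving DoT on port 853 with a certificate that validates for that IP, which is worth knowing before switching the feature on.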

     

    Furthermore, you should also remember that build 25158 is the Windows 11 version 23H2 release, which means that if this feature does pass testing, it won't be available before the second half of 2023. The next major version of Windows 11 is version 22H2, which should be available within the next couple of months and won't include DoT.

     

     
