Preview of DNS over HTTPS available in Windows

How to enable DNS over HTTPS in Windows 10

With the latest insider builds from Windows, DNS can be activated for the first time via HTTPS at the operating system level.

Microsoft has released the insider build 19628 of its Windows 10 operating system. The preview contains as the only important innovation the initial support for the protocol DNS over HTTPS (Doh), with which DNS requests and answers can be transmitted encrypted.

DNS over HTTPS lands in the latest preview.

Microsoft announced for the first time about six months ago that Windows should support Doh, and now the implementation can be tested for the first time. For this, however, some manual settings are still necessary, which Microsoft documents in a forum post. Therefore, to use Doh, a key-value pair must currently be entered in the Windows registry itself.

However, Microsoft points out that this only applies to the tests of Doh in the insider builds. As soon as the Doh client from Microsoft is stable in Windows, a configuration of Doh via the registry is no longer supported. As already announced, Doh servers will only be used as resolvers in the now available tests if these resolvers are already used by the users via the old DNS. Windows performs the migration of the used protocol automatically.

Microsoft Bakes DNS-over-HTTP into Windows 10 Insider Previews.

However, the verification whether the resolvers also supported Doh and a migration is possible is not yet automated. Microsoft therefore lists the IP addresses of the public DNS servers of Google, Cloudflare and the IBM service Quad9, with which Doh can be used in Windows. To use other Doh servers, users can configure them using the Netsh command-line tool.

So far, the possibility to use Doh is only available in some browsers or special tools such as Curl, but not at the operating system level. Microsoft’s automatic protocol migration approach is reminiscent of what Google uses for its Chrome browser. In contrast, Firefox vendor Mozilla announced to migrate all US users to Doh, using Cloudflare services as the default resolver.