Microsoft’s next big update for Windows 10 (May 2020 Update) is just around the corner and the Redmond-giant has already released the downloadable ISOs for IT Pros via the MSDN.
People spend half of their lives browsing the Internet these days, and protecting your data from threats like eavesdropping and spoofing has become a top priority for security experts.
In order to ensure a solid line of defense against DNS exploits, Windows Insiders with Build 19628 (or higher) installed on their machine can now try out the Windows DoH client (DNS over HTTPS) that is built into the operating system.
To find out which build and version of Windows you are running, type ‘winver’ in a Run window; it will show the results, as shown below.
Activating the DoH client
Once you are aware of your Windows install, follow the steps below to activate the DoH client on your machines:
- Open the Registry Editor (type ‘regedit’ in Run and hit enter)
- Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters registry key
- Create a new DWORD value named “EnableAutoDoh”
- Set its value to 2
The next step is to manually configure the default DNS on your Windows machine.
For now, the Windows DoH client is only friends with 3 public DNS servers.
Server Owner | Server IP addresses |
Cloudflare | 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001 |
Google | 8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844 |
Quad9 | 9.9.9.9 149.112.112.112 2620:fe::fe 2620:fe::fe:9 |
How to manually set a default or user-defined DNS on Windows.
Please follow the steps below.
- Go to Control Panel -> Network and Internet -> Network and Sharing Center -> Change adapter settings.
- Right click on the active connection and select Properties.
- Select “Internet Protocol Version 4 (TCP/IPv4)” or “Internet Protocol Version 6 (TCP/IPv6)” and click Properties.
- Select the “Use the following DNS server addresses” radio button and enter the DNS server addresses in the fields below.
Note: Make sure the primary and alternate DNS addresses differ, as shown in the image below.
Hit OK to apply the changes for each dialog.
You may also have to restart the PC for all the changes to take effect.
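The two procedures above can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it audits the build number, the EnableAutoDoh value, and whether each adapter's DNS servers appear in the table above. The `-Apply` switch and the variable names are this example's own, and it assumes the three providers in the table are the complete list the DoH client recognizes.

```powershell
# Added example: audit the DoH prerequisites described in the article.
# Run elevated. Without -Apply the script only reports; with -Apply it sets EnableAutoDoh.
param([switch]$Apply)

$MinBuild = 19628   # minimum Insider build named in the article
$KeyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$Name     = 'EnableAutoDoh'

# Resolver addresses copied from the article's table
$DohServers = @{
    Cloudflare = '1.1.1.1', '1.0.0.1', '2606:4700:4700::1111', '2606:4700:4700::1001'
    Google     = '8.8.8.8', '8.8.4.4', '2001:4860:4860::8888', '2001:4860:4860::8844'
    Quad9      = '9.9.9.9', '149.112.112.112', '2620:fe::fe', '2620:fe::fe:9'
}

# Normalize textual IP forms so equivalent IPv6 spellings compare equal
function Normalize([string]$ip) { ([ipaddress]$ip).IPAddressToString }

# 1. Build check
$build = [System.Environment]::OSVersion.Version.Build
if ($build -lt $MinBuild) {
    Write-Warning "Build $build is older than $MinBuild; the DoH client is not available."
}

# 2. Registry value (a missing value reads back as $null)
$current = (Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue).$Name
if ($current -eq 2) {
    Write-Output "$Name = 2"
} elseif ($Apply) {
    New-ItemProperty -Path $KeyPath -Name $Name -PropertyType DWord -Value 2 -Force | Out-Null
    Write-Output "$Name set to 2; a restart may be needed."
} else {
    Write-Warning "$Name is '$current', expected 2. Re-run with -Apply to set it."
}

# 3. DNS servers per adapter: anything not in the table will not be upgraded to DoH
Get-DnsClientServerAddress | Where-Object ServerAddresses | ForEach-Object {
    $adapter = $_
    foreach ($addr in $adapter.ServerAddresses) {
        $owner = $DohServers.Keys | Where-Object {
            ($DohServers[$_] | ForEach-Object { Normalize $_ }) -contains (Normalize $addr)
        }
        [pscustomobject]@{
            Interface = $adapter.InterfaceAlias
            Server    = $addr
            Provider  = if ($owner) { $owner } else { 'not in DoH list' }
        }
    }
} | Format-Table -AutoSize
```

Adapters that still list a router or ISP resolver show up as "not in DoH list", which is the quickest way to spot an interface that was missed in the manual steps.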
In the following post, we will discuss how to verify whether the Windows DoH client is working or not.
For this, we will use Packetmon, a network traffic analyzer included with Windows.
We have already discussed pktmon in a previous blog post, so make sure to give it a read.