Internet Security



Microsoft’s next big update for Windows 10 (May 2020 Update) is just around the corner and the Redmond-giant has already released the downloadable ISOs for IT Pros via the MSDN.



People spend half of their lives browsing the Internet these days, and protecting data from threats like eavesdropping and spoofing has become a top priority for security experts.



In order to ensure a solid line of defense against DNS exploits, Windows Insiders with Build 19628 (or higher) installed on their machine can now try out the Windows DoH client (DNS over HTTPS) that is built into the operating system.



To find out which build and version of Windows you are running, type ‘winver’ in a Run window. The result is shown below.



About Windows Dialog Box

Activating the DoH client

Once you know which build you are running, follow the steps below to activate the DoH client on your machine:

  • Open the Registry Editor (type ‘regedit’ in Run and hit enter)
  • Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters registry key
  • Create a new DWORD value named “EnableAutoDoh”
  • Set its value to 2


Registry Editor - path to Windows DoH client


The next step is to manually configure the default DNS on your Windows machine.



For now, the Windows DoH client is only friends with 3 public DNS servers.

Server Owner    Server IP addresses
Cloudflare      1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001
Google          8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844
Quad9           9.9.9.9, 149.112.112.112, 2620:fe::fe, 2620:fe::fe:9


How to manually set a default or user-defined DNS on Windows.


Please follow the steps below.

  • Go to Control Panel -> Network and Internet -> Network and Sharing Center -> Change adapter settings.
  • Right click on the active connection and select Properties.
  • Select “Internet Protocol Version 4 (TCP/IPv4)” or “Internet Protocol Version 6 (TCP/IPv6)” and click Properties.
  • Click to enable “Use the following DNS server addresses” radio button and add the DNS server address into the fields below.


Note: Make sure the primary and alternate DNS addresses differ, as shown in the image below.


manual DNS setting in Windows

Hit OK in each dialog to apply the changes.



You may also have to restart the PC for all the changes to take effect.
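
The two procedures above (the EnableAutoDoh registry value and the manual DNS setting) can be checked from PowerShell. The script below is an added example, not part of the original post; the -Enable switch and the variable names are assumptions made here, and the resolver list is copied from the table above.

```powershell
# Added example: audit the DoH prerequisites described in this article.
# -Enable is a hypothetical switch of this script; it needs an elevated session.
param([switch]$Enable)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'

# Resolver addresses from the article's table, normalised so that
# differently written IPv6 forms still compare equal.
$dohServers = @(
    '1.1.1.1', '1.0.0.1', '2606:4700:4700::1111', '2606:4700:4700::1001',
    '8.8.8.8', '8.8.4.4', '2001:4860:4860::8888', '2001:4860:4860::8844',
    '9.9.9.9', '149.112.112.112', '2620:fe::fe', '2620:fe::fe:9'
) | ForEach-Object { [System.Net.IPAddress]::Parse($_).ToString() }

# 1. Build check: the article requires Insider build 19628 or higher.
$build = [System.Environment]::OSVersion.Version.Build
if ($build -lt 19628) {
    Write-Warning "Build $build is older than 19628; the DoH client is not available."
}

# 2. Registry value: report it, and write it only when -Enable is given.
$current = (Get-ItemProperty -Path $key -Name EnableAutoDoh `
            -ErrorAction SilentlyContinue).EnableAutoDoh
if ($Enable -and $current -ne 2) {
    New-ItemProperty -Path $key -Name EnableAutoDoh -PropertyType DWord `
        -Value 2 -Force | Out-Null
    $current = 2
}
"EnableAutoDoh = $(if ($null -eq $current) { '<not set>' } else { $current })"

# 3. DNS servers on connected adapters: flag any address not in the table,
#    since queries to those resolvers are not covered by the article's setup.
$up = (Get-NetAdapter | Where-Object Status -eq 'Up').InterfaceIndex
Get-DnsClientServerAddress |
    Where-Object { $up -contains $_.InterfaceIndex -and $_.ServerAddresses } |
    ForEach-Object {
        foreach ($addr in $_.ServerAddresses) {
            $norm = [System.Net.IPAddress]::Parse($addr).ToString()
            [pscustomobject]@{
                Interface = $_.InterfaceAlias
                Server    = $norm
                DohListed = $dohServers -contains $norm
            }
        }
    } | Format-Table -AutoSize
```

Any row with DohListed set to False points to an adapter whose DNS server is not one of the three providers listed in the table.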



In the following post, we will discuss how to verify whether the Windows DoH client is working or not.



For this, we will use Packetmon, a network traffic analyzer included with Windows.



We have already discussed pktmon in a previous blog post, so make sure to give it a read.