In a previous blog post, we learned how DNS over HTTPS (DoH) can protect you from the most common DNS exploits, such as eavesdropping and spoofing, and how to enable it on your Windows 10 machine.
With the Windows 10 May 2020 Update, Microsoft is introducing built-in support for name resolution via HTTPS.
We have also discussed another built-in tool: Packet Monitor, or PktMon.exe.
Packet Monitor is a cross-component network diagnostics tool for Windows.
It can be used for packet capture, packet drop detection, packet filtering and counting.
Today, we will take a look at how to verify whether Windows is configured to use DoH.
For this we will be using Packet Monitor.
Here is the detailed step-by-step guide:
- Open a new Command Prompt or PowerShell window.
- Run the following command to reset all the network traffic filters:
pktmon filter remove
- Next, type the following command and press Enter. This adds a traffic filter for port 53, the port classic DNS uses.
pktmon filter add -p 53
- Start real-time logging of traffic by typing the following command. If your device is only configured with DoH servers, this should show little to no traffic.
pktmon start --etw -m real-time
- If you’re trying to test the ISP’s DoH servers, you can add them to the list manually using the command line.
Get the IP address and the DoH URI template for the server you want to add.
Then, run the following command as an administrator:
netsh dns add encryption server=<your-server’s-IP-address> dohtemplate=<your-server’s-DoH-URI-template>
- To verify the template was applied, run this command, which should show you the template being used for a given IP address:
netsh dns show encryption server=<your-server’s-IP-address>
After following all the necessary steps above, and observing the traffic on port 53, you should be able to decide if the Windows DoH client is configured properly.
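The capture steps above can also be scripted. The following PowerShell is an added example, not part of the original post or of Microsoft's tooling: it runs the same pktmon commands, forces one lookup, and reports whether anything crossed port 53. The log path, the test name, the wait times, and the `address.port` text pattern used to spot port 53 lines in the real-time output are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: automates the port 53 check described in the steps above.
# Assumptions (not from the original post): the log path, the test name,
# the wait times, and that real-time output prints endpoints in
# "address.port" form (for example 192.0.2.1.53).

$log      = Join-Path $env:TEMP 'pktmon-port53.txt'   # hypothetical path
$testName = 'example.com'                             # constructed test name
$seconds  = 10                                        # observation window

# Reset existing filters, then watch only port 53 (classic DNS).
pktmon filter remove | Out-Null
pktmon filter add -p 53 | Out-Null

# Start real-time logging in the background with output sent to a file.
$capture = Start-Process -FilePath 'pktmon.exe' `
    -ArgumentList 'start', '--etw', '-m', 'real-time' `
    -RedirectStandardOutput $log -NoNewWindow -PassThru

try {
    Start-Sleep -Seconds 2
    # Flush the resolver cache so the lookup has to leave the machine.
    Clear-DnsClientCache
    Resolve-DnsName -Name $testName -ErrorAction SilentlyContinue | Out-Null
    Start-Sleep -Seconds $seconds
}
finally {
    # Always stop the capture and clear the filter, even on error.
    pktmon stop | Out-Null
    if (-not $capture.HasExited) {
        Stop-Process -Id $capture.Id -Force -ErrorAction SilentlyContinue
    }
    pktmon filter remove | Out-Null
}

# Keep only lines that name port 53 as a source or destination endpoint.
$hits = @(Get-Content $log -ErrorAction SilentlyContinue |
    Select-String -Pattern '[0-9a-fA-F]\.53[:\s]')

if ($hits.Count -eq 0) {
    Write-Output "No port 53 traffic seen in the capture window."
} else {
    Write-Output "$($hits.Count) line(s) show port 53 traffic; classic DNS is still in use."
    $hits | Select-Object -First 5 | ForEach-Object { $_.Line }
}
```

Other software on the machine may send its own port 53 queries during the window, so read the sample lines before concluding that the Windows DNS client produced them.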
All of these features are available in the Windows 10 May 2020 Update, which is now available via Windows Update. More information can be found on this page.