DNS over TLS is now available for Windows 11 Insiders, here is how to enable it


Microsoft rolled out build 25158 in the Windows 11 Dev Channel as well as Windows Server 2022 preview a few hours ago. For the former, this build contains a bunch of new features including different Search styles, notification badges in Widgets, CD ripping in Media Player, and more. Meanwhile, Windows Server 2022 doesn't even have a changelog, as per usual.

One other feature that was briefly mentioned in Microsoft's announcement blog post was DNS over TLS (DoT), which is a networking enhancement now available for Insiders.

If you're wondering what DoT is, it's an alternative to DNS over HTTPS (DoH): both encrypt DNS queries and responses between the client and the resolver so they can't be read or tampered with in transit, but they wrap the traffic differently. DoH is already present in both Windows 11 and Windows Server 2022 and sends DNS queries as an HTTPS stream over port 443, where they are hard to tell apart from ordinary web traffic. DoT instead carries DNS over a plain TLS connection on a dedicated port, 853. Dropping the HTTP layer makes DoT simpler and slightly lighter on the wire in some use-cases, but the dedicated port also makes it easy for a network operator to identify and block or filter, so you lose some of the flexibility DoH offers.

If all of this sounds interesting to you, here's Microsoft's guidance for enabling DoT, currently available for Windows 11 and Windows Server Insiders with build 25158:

  1. Go to Settings -> Network (this should load the view for the current default network connection)
  2. Click on Wi-Fi or Ethernet (likely the top row)
  3. Click "Hardware properties" (likely the bottom row)
  4. On the "DNS server assignment:" row, click the "Edit" button
  5. Turn on the "IPv4" and/or "IPv6" switches
  6. Type the IP address of the DoT server to test into the "Preferred DNS" text box
  7. Save and confirm that " (Unencrypted)" shows up on the "IPv4 DNS servers:" row in the list of configurations near the bottom of this view

Finally, run these commands in Command Prompt with admin privileges:

netsh dns add global dot=yes

netsh dns add encryption server=[the-ip-address-configured-as-the-DNS-resolver] dothost=: autoupgrade=yes

ipconfig /flushdns

It is important to note that port 853 is the only port that can be designated for DoT at this time; custom port configurations are not currently supported, so the resolver you point Windows at must serve DoT on 853.
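The same procedure as a script, with the checks a practitioner would want around it. This is an added example and is not code from the article or from Microsoft; it assumes an elevated PowerShell session on build 25158, an adapter named "Ethernet" and the resolver 1.1.1.1 (both placeholders, substitute your own), and that the DoH-era command netsh dns show encryption also lists DoT rules (an assumption, not something the article states). The pre-flight probe of TCP/853 exists because, as noted above, 853 is the only port this build will use: if the resolver does not listen there, enabling DoT simply breaks name resolution.

```powershell
# Added example (not from the article or from Microsoft): scripts the build 25158
# DoT enablement steps and adds pre- and post-checks. Run from an elevated
# PowerShell session. "Ethernet" and 1.1.1.1 are placeholders (assumptions).
#Requires -RunAsAdministrator
param(
    [string]$InterfaceAlias = "Ethernet",     # placeholder adapter name
    [string]$Resolver       = "1.1.1.1",      # placeholder; use a resolver you know serves DoT
    [string]$TestName       = "example.com"   # name used for the post-change lookup
)

$ErrorActionPreference = "Stop"

# 1. Pre-flight: DoT is fixed to TCP/853 in this build. If the resolver does not
#    accept connections there, pointing the client at it will only break resolution.
$probe = Test-NetConnection -ComputerName $Resolver -Port 853 -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "$Resolver does not accept TCP connections on port 853; choose a DoT-capable resolver first."
}

# 2. Equivalent of the Settings UI steps: make the resolver the adapter's
#    preferred DNS server. Settings shows it as "(Unencrypted)" until the
#    encryption rule in step 3 is added.
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $Resolver

# 3. The netsh commands from Microsoft's guidance. netsh is a native command, so
#    each call is checked through $LASTEXITCODE rather than try/catch.
$netshSteps = @(
    @("dns", "add", "global", "dot=yes"),
    @("dns", "add", "encryption", "server=$Resolver", "dothost=:", "autoupgrade=yes")
)
foreach ($netshArgs in $netshSteps) {
    & netsh @netshArgs | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($netshArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}
ipconfig /flushdns | Out-Null

# 4. Post-checks: the encryption rule should now be listed for the resolver
#    (assumed: this command lists DoT rules as it does DoH ones), and a lookup
#    through the system resolver should still succeed.
netsh dns show encryption server=$Resolver
Resolve-DnsName -Name $TestName -Type A -DnsOnly |
    Format-Table Name, Type, IPAddress -AutoSize

# 5. Observational check: while the DNS client holds a DoT session open, it shows
#    up as a TCP connection from this host to the resolver on port 853. An empty
#    result is not proof of failure (the session may already have been closed).
Get-NetTCPConnection -RemoteAddress $Resolver -RemotePort 853 -ErrorAction SilentlyContinue |
    Select-Object LocalPort, RemoteAddress, RemotePort, State
```

If step 1 fails, nothing on the client has been changed yet, which is deliberate: the order puts the reachability test before Set-DnsClientServerAddress so a bad resolver choice is caught while the old DNS settings are still in place.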

Furthermore, remember that build 25158 sits on the Dev Channel branch feeding Windows 11 version 23H2, which means that even if this feature passes testing, it won't reach general availability before the second half of 2023. The next major version of Windows 11, version 22H2, should be available within the next couple of months and won't include DoT.
