How to Enable DNS over HTTPS (DoH)

DNS over HTTPS (DoH) support appeared in the Windows 10 2004 build (May 2020 Update). Windows 10 can now resolve names over HTTPS using the built-in DoH client. This article explains what the DNS over HTTPS protocol is used for and how to enable and use it on the latest Windows 10 builds.

When your computer connects to a DNS server to resolve names, it sends and receives DNS requests and responses over the Internet in clear text. An attacker can intercept your traffic, see which resources you have visited, or manipulate your DNS traffic with a man-in-the-middle attack. DNS over HTTPS protects user data privacy by encrypting all DNS queries. The DoH protocol encapsulates DNS queries in HTTPS traffic and sends them to a DNS server (you need to use a special DNS server with DoH support).

Windows 10 2004 doesn't yet have a GPO parameter or an option in the graphical interface to enable DNS-over-HTTPS. Currently, you can only enable DoH on the latest Windows 10 builds via the registry:

  1. Run regedit.exe;
  2. Go to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
  3. Create a new DWORD parameter with the name EnableAutoDoh and value 2;
  4. Then restart the DNS client service. To do this, reboot your computer, because you won't be able to restart the Dnscache service normally (the Restart-Service -Name Dnscache -Force command returns the following error: Collection was modified; enumeration operation may not execute).
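
The registry steps above as a PowerShell script, added here as an example and not part of the original article. It assumes an elevated session and that Windows 10 2004 corresponds to OS build 19041; it records the previous value before changing it, and a reboot is still required afterwards, as in step 4.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the registry change described in steps 1-3.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$name  = 'EnableAutoDoh'
$value = 2

# Assumption: Windows 10 2004 (May 2020 Update) reports OS build 19041.
$build = [System.Environment]::OSVersion.Version.Build
if ($build -lt 19041) {
    Write-Warning "OS build $build is older than 19041; registry left unchanged."
    return
}

# Read the current value (if any) so the change can be audited or reverted.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

if ($current -eq $value) {
    Write-Output "$name is already set to $value."
} else {
    Write-Output "$name was '$current'; setting it to $value."
    # -Force overwrites an existing value with the same name.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $value -Force |
        Out-Null
}

# Read the value back to confirm what is actually stored.
$stored = (Get-ItemProperty -Path $key -Name $name).$name
[pscustomobject]@{
    Key            = $key
    Name           = $name
    PreviousValue  = $current
    StoredValue    = $stored
    RebootRequired = ($current -ne $value)
}
```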