Microsoft tests Windows 11 encrypted DNS server auto-discovery


Microsoft is testing support for the Discovery of Network-designated Resolvers (DNR) internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks.

Without DNR support, users must manually enter the info of encrypted DNS servers on their local area network in the network settings.

However, client-side DNR automatically configures devices to reach specified encrypted DNS resolvers and use encrypted DNS protocols like DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ).

When a device with client-side DNR enabled joins a new network, it queries the local DHCP server, requesting an IP address and DNR-specific options.

The server, operating server-side DNR, responds with encrypted DNS details, including server IP, supported protocols, port numbers, and authentication data, allowing the client to establish an encrypted DNS tunnel automatically using the provided info.

"Until today, Windows Insiders users had to find out the IP address of their desired encrypted DNS server and manually enter it to configure client-side encrypted DNS on their machine," said Microsoft's Amanda Langowski and Brandon LeBlanc.

"DNR will enable Windows Insider users to use encrypted DNS protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT) on the client-side without requiring manual configuration."

Support for client-side DNR is currently rolling out to Windows Insiders using Windows Insider build 25982 or above. This feature is not yet available on non-Insider Windows versions.

After installing a compatible Windows Insider build, you will have to create a new EnableDnr registry key under Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache to activate DNR on the device by running the following command from an elevated command prompt:

reg add HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters /v EnableDnr /t REG_DWORD /d 1

After the registry changes, you must restart the device so that the updated settings take effect. To see DNR in action, you must connect to a network where the DHCPv4 or DHCPv6 server has server-side DNR toggled on.

EnableDnr registry key (Microsoft)

At the moment, Microsoft's client-side DNR implementation only supports the following configuration modes (IPv6 RA Encrypted DNS is not yet supported):

  • DHCPv4 without support for ADN only mode.
  • DHCPv6 without support for ADN only mode and only accepts 1 instance of OPTION_V6_DNR.
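To make the DHCPv6 limitations above concrete, the following added example (not code from Microsoft or from the original article) parses the option-data of an OPTION_V6_DNR and flags the two cases listed: an ADN-only instance and more than one instance in an offer. It assumes the field layout defined in RFC 9463 and the SvcParams encoding from RFC 9460; the function names, the resolver name and the address are constructed for illustration.

```python
import ipaddress
import struct

def lp_strings(buf):
    """Split length-prefixed ASCII strings (DNS labels, ALPN ids); a zero length ends the list."""
    out, i = [], 0
    while i < len(buf) and buf[i]:
        out.append(buf[i + 1:i + 1 + buf[i]].decode("ascii"))
        i += 1 + buf[i]
    return out

def parse_svcparams(buf):
    """RFC 9460 SvcParams: repeated (key: 2 bytes, length: 2 bytes, value)."""
    out, i = {}, 0
    while i + 4 <= len(buf):
        key, n = struct.unpack_from("!HH", buf, i)
        val, i = buf[i + 4:i + 4 + n], i + 4 + n
        if key == 1:                 # alpn, e.g. "dot", "h2", "doq"
            out["alpn"] = lp_strings(val)
        elif key == 3 and n == 2:    # port
            out["port"] = struct.unpack("!H", val)[0]
    return out

def parse_v6_dnr(data):
    """Parse the option-data of one OPTION_V6_DNR (option code and length already stripped)."""
    priority, adn_len = struct.unpack_from("!HH", data, 0)
    rest = data[4 + adn_len:]
    if adn_len == 0 or 4 + adn_len > len(data) or len(rest) == 1:
        raise ValueError("malformed OPTION_V6_DNR")
    res = {"priority": priority, "adn": ".".join(lp_strings(data[4:4 + adn_len])),
           "adn_only": not rest, "addresses": [], "svcparams": {}}
    if rest:  # full mode: Addr Length, IPv6 address(es), SvcParams follow the ADN
        (addr_len,) = struct.unpack_from("!H", rest, 0)
        if addr_len == 0 or addr_len % 16 or 2 + addr_len > len(rest):
            raise ValueError("malformed address list")
        res["addresses"] = [str(ipaddress.IPv6Address(rest[k:k + 16]))
                            for k in range(2, 2 + addr_len, 16)]
        res["svcparams"] = parse_svcparams(rest[2 + addr_len:])
    return res

def lint_offer(instances):  # the two cases the article says the Insider client does not handle
    notes = ["ADN-only: " + p["adn"] for p in map(parse_v6_dnr, instances) if p["adn_only"]]
    return notes + (["multiple OPTION_V6_DNR instances"] if len(instances) > 1 else [])

# Constructed samples: made-up resolver name, documentation prefix 2001:db8::/32.
ADN = b"\x08resolver\x07example\x00"
ADN_ONLY = struct.pack("!HH", 2, len(ADN)) + ADN
FULL = (struct.pack("!HH", 1, len(ADN)) + ADN + struct.pack("!H", 16)
        + ipaddress.IPv6Address("2001:db8::53").packed
        + struct.pack("!HH", 1, 4) + b"\x03dot" + struct.pack("!HHH", 3, 2, 853))
```

Running `lint_offer` over the DNR option payloads captured from a DHCPv6 server's reply shows whether that offer is one the Insider client is described as accepting.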

To disable client-side DNR on your system, you can run the following command in an administrator command prompt and reboot the system for the change to take effect:

reg add HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters /v EnableDnr /t REG_DWORD /d 0

Starting with today's Windows 11 Insider build, Microsoft also allows admins to require SMB client encryption for all outbound connections to defend against eavesdropping and interception attacks.

The company also added ReFS filesystem Block Cloning Support to the Windows copy engine to improve ReFS volumes' performance when copying larger files.