Microsoft is constantly adding new features to Windows 11 operating system. If you are trying out their Windows Insider Preview Builds, you can observe that new features are industry-first available to you. Following this tradition, Microsoft has now added DNS over TLS (DoT) feature to Windows 11. Basically, DNS over TLS (DoT) is an alternative encrypted DNS protocol to DNS over HTTPS (DoH). In this article, you will read how to enable DNS over TLS (DoT) in Windows 11.
DoT uses the same security protocol, TLS, that HTTPS websites use to encrypt and authenticate communications. DoT adds TLS encryption on top of the user datagram protocol (UDP), which is used for DNS queries. Additionally, it ensures that DNS requests and responses are not tampered with or forged via on-path attacks. DoT only uses port 853, while DoH uses port 443, which is the port that all other HTTPS traffic uses as well. This will ultimately led to improving network performance, of course on a small scale.
Windows 11 and Windows Server builds are already providing client support for DoH. With Windows 11 build 25158 or later, client support for DoT also available. You may also the same support in Windows Server 2022.
Here’s how you can enable DoT in Windows 11.
How to enable DNS over TLS (DoT) in Windows 11
1. Press 
+ I keys to open Settings app.
2. In Settings app, go to Network & Internet. Click on Properties next to Ethernet/WiFi you’re connected to.
3. In the next page, click Edit button against DNS server assignment.
4. In Edit DNS settings, turn on IPv4 and/or IPv6 and put DoT server into Preferred DNS field.
5. Save the configuration and close the Settings app.
6. Open Command Prompt and execute these commands one-by-one:
netsh dns add global dot=yes
netsh dns add encryption server=<the-ip-address-configured-as-the-DNS-resolver> dothost=: autoupgrade=yes
ipconfig /flushdns
In this way, DoT is now enabled on the system. Note that the settings configured above are in effect without reboot.
To check if DoT is enabled, execute netsh dns show global command. If output contains DoT settings: enabled, then DoT is enabled, else not.
With inputs from this official Microsoft post.
That’s it!
![[Latest Windows 11 Update] What’s new in KB5036980?](https://www.kapilarya.com/assets/Windows11-Update.png "[Latest Windows 11 Update] What’s new in KB5036980?")
![[Latest Windows 10 Update] What’s new in KB5036979?](https://www.kapilarya.com/assets/Windows10-Update.png "[Latest Windows 10 Update] What’s new in KB5036979?")
Leave a Reply