Enable DoT

Enable DNS over TLS (DoT) feature in Windows 11

Microsoft has been concentrating on privacy and security features, and it recently added a new one to Windows 11: DNS over TLS (DoT). If you are using a Windows 11 Insider Preview build, you may have noticed a few new features; the recent Insider Preview build ships with DNS over TLS. This feature lets users switch from unencrypted to encrypted DNS. DoT is a privacy feature: even when you visit a website over HTTPS, your DNS query is sent over an unencrypted connection. That means anyone on the path can observe your network packets, and the second problem with unencrypted DNS is that it is an easy target for a man-in-the-middle attack, so an attacker can tamper with the request and send you to a phishing or compromised website. To address this, Windows 11 lets you enable DNS over TLS. Once DoT is enabled on your system, whenever you visit a website, all your DNS queries are carried over TLS. This article will guide you through enabling the DNS over TLS (DoT) feature in Windows 11.

Enable DNS over TLS (DoT) feature in Windows 11:

Note: DoT is available from Windows 11 build 25158 or later; if you are using an older version of Windows 11, the following steps won't work. You can use the following steps to enable DoT in Windows Server 2022. If you are on an older version of Windows 11, you can enable DNS over HTTPS (DoH) instead, which is similar to DoT.

Open Windows Settings by pressing Windows + I, and from the left-hand pane click Network & internet.

From the right-hand side, click Ethernet (or whichever adapter matches how you connect to the network).

Screenshot: Network & internet properties

Then open the network's Properties; in the Properties window, look for DNS server assignment and click Edit.

Screenshot: DNS server assignment

Under Edit DNS settings, open the drop-down menu and choose Manual, then enable the IPv4 or IPv6 toggle.

Under Preferred DNS, enter one of the following IP addresses, which support DoT; many well-known public DNS services support DoT.

Cloudflare (1.1.1.1 and 1.0.0.1)

Google (8.8.8.8 and 8.8.4.4)

Screenshot: set DNS address

Once you have entered the Preferred and Alternate DNS addresses, click Save.

Next, close the Settings app, then open Command Prompt and run the following commands one by one, in order. Replace the placeholder in the second command with the DNS server address you configured above.

netsh dns add global dot=yes
netsh dns add encryption server=<the-ip-address-configured-as-the-DNS-resolver> dothost=: autoupgrade=yes
ipconfig /flushdns
ipconfig /renew

The first command enables DoT globally, the second registers the DNS server address you configured as a DoT server, and the last two clear the local DNS resolver cache and renew the adapter's IP configuration.

How to Verify DoT?

To check whether DoT is enabled, run the following command.

netsh dns show global
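The netsh check above shows what Windows is configured to do; to see what DoT actually puts on the wire, here is an added example (not part of this article) that performs a DoT lookup by hand: a plain DNS query, length-prefixed and sent over TLS to TCP port 853 per RFC 7858, with the resolver's certificate validated so an on-path device cannot impersonate it. The default server 1.1.1.1 and its certificate hostname one.one.one.one are assumptions for Cloudflare's public resolver listed above; the sample reply at the end is constructed, not captured.

```python
import socket, ssl, struct, secrets

def build_query(name, txid, qtype=1):
    """Minimal DNS query (RFC 1035): 12-byte header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name and return the offset after it."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def parse_a_records(msg, expected_txid=None):
    """IPv4 addresses from the answer section; rejects RCODE errors and txid mismatches."""
    txid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch: reply is not for our query")
    if flags & 0x000F:
        raise ValueError(f"resolver returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):                    # skip the echoed question section
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs

def dot_resolve(name, server="1.1.1.1", hostname="one.one.one.one"):
    """DoT per RFC 7858: DNS over TLS on TCP/853, each message prefixed by a 2-byte length.
    The default context verifies the resolver's certificate chain and that it matches `hostname`."""
    txid = secrets.randbits(16)
    query = build_query(name, txid)
    ctx = ssl.create_default_context()
    with socket.create_connection((server, 853), timeout=5) as raw, ctx.wrap_socket(raw, server_hostname=hostname) as tls:
        tls.sendall(struct.pack("!H", len(query)) + query)
        stream = tls.makefile("rb")        # buffered reader: read(n) blocks until n bytes arrive
        (length,) = struct.unpack("!H", stream.read(2))
        return parse_a_records(stream.read(length), expected_txid=txid)

# Constructed sample reply (not a real capture): txid 0x1234, NOERROR, question example.com/A,
# one answer 192.0.2.1 (TEST-NET-1) whose name is a compression pointer to the question, TTL 300.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                   + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

Calling dot_resolve("example.com") needs network access and an outbound path to port 853; if a firewall blocks 853, the handshake never starts, which is exactly the failure a DoT-only client must surface rather than silently falling back to port 53.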

That’s it, hope this helps.
