Security News > 2023 > October > Microsoft tests Windows 11 encrypted DNS server auto-discovery

Microsoft is testing support for the Discovery of Network-designated Resolvers internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks.

Without DNR support, users must manually enter the info of encrypted DNS servers on their local area network within the network settings.

Client-side DNR automatically configures devices to reach such encrypted DNS resolvers and use encrypted DNS protocols like DNS over TLS, DNS over HTTPS, and DNS over QUIC. When a device with client-side DNR enabled joins a new network, it queries the local DHCP server, requesting an IP address and DNR-specific options.

The server, operating server-side DNR, responds with encrypted DNS details, including server IP, supported protocols, port numbers, and authentication data, allowing the client to establish an encrypted DNS tunnel automatically using the provided info.

"Until today, Windows Insiders users had to find out the IP address of their desired encrypted DNS server and manually enter it to configure client-side encrypted DNS on their machine," said Microsoft's Amanda Langowski and Brandon LeBlanc.

"DNR will enable Windows Insider users to use encrypted DNS protocols like DNS over HTTPS and DNS over TLS on the client-side without requiring manual configuration."

News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-windows-11-encrypted-dns-server-auto-discovery/