DoH in Microsoft Windows OS
Until this moment Microsoft Windows OS doesn’t support DNS over HTTPS, The feature will most likely be implemented in future builds but no body knows when is that however, You can still take a peak into the feature which is in preview mode/
Benefit of using DoH on an OS level
The benefit of using DoH on an Operating System level would provide more certainty that your DNS queries leave your computer without being read by any other party even if that is your ISP.
A simple DNS nslookup query using Wireshark on your computer would show you how serious this topic is. After installing Wireshark you’ll be able to see that all of your dns queries are in clear text and can be read by anyone until it gets to the destination website/server.
Demonstration of DNS lookup without DoH
After installing Wireshark, I fire up Powershell or CMD and try to nslookup google.com and it’ll show what I just queried for.
So how to make sure that your DNS queries don’t leave your computer in clear text format? and since Microsoft OS is not DoH ready yet what can you do?
In my case, I am already using encrypted DNS on firewall level as I have Pfsense acting as a router and it already supports DoH but still not pretty satisfied :).
DNSCrypt as a solution
Since the foundation of DoH I have been looking for a solution that would work on Microsoft Windows OS and luckily someone already created this great project called Simple DNSCrypt which not just enables the encryption of DNS queries on your OS but also enables this to work as a service.
Installing DNSCrypt would create a Windows based Service which would start automatically when your OS boots and logs into Windows.
The service is called DNSCrypt Client Proxy
Add alt text
DNSCrypt has a simple interface, You can pick up the DNS Server where to forward queries to and it works with proof.
Right after the installation of this tiny app, launch it as an administrator and configure it as in the below screenshot. You can choose to install the service or not.
Add alt text
Right after you enable it (By clicking on your Network Card box) that will start protecting your DNS queries. Let’s go ahead with a little demo
I am going to start Wireshark after enabling DnsCrypt and do a google dns lookup , As you can see below on wireshark it’s not returning any dns queries.
When you install Simple DNSCrypt it changes your Preferred DNS configuration to localhost so that all queries is passed through the app in DNS over HTTPS which doesn’t allow even Wireshark to see it as DNS.
So that makes it pretty secure and not even your firewall will see it.
If you have any question please don’t hesitate to ask me
Official DNScrypt website https://simplednscrypt.org/
Support the project founder https://github.com/bitbeans/SimpleDnsCrypt
![clip_image001[4]](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image0014-2.png "clip_image001[4]")
![clip_image001[6]](https://www.moh10ly.com/wp-content/uploads/2020/01/clip_image0016-1.png "clip_image001[6]")
