Date: 2023-10-25

Microsoft has recently undertaken a groundbreaking initiative to test support for the Discovery of Network-designated Resolvers (DNR) internet standard. This new feature enables automated client-side discovery of encrypted DNS servers within local area networks, heralding a significant advancement in user experience and security.

Traditionally, users who wished to utilize encrypted DNS servers on their local networks had to manually enter the server information within their network settings. With the implementation of client-side DNR, this arduous process becomes a thing of the past. Devices with client-side DNR enabled will now automatically configure themselves to communicate with encrypted DNS resolvers and utilize secure DNS protocols such as DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ).

How does it work? When a device equipped with client-side DNR joins a new network, it queries the local DHCP server for an IP address while also requesting specific DNR options. In response, the server equipped with server-side DNR will provide the device with encrypted DNS details, including the server’s IP address, supported protocols, port numbers, and authentication data. Armed with this information, the device can seamlessly establish an encrypted DNS tunnel without requiring any manual configuration.
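To make the exchange above concrete, the following added example (not code from Microsoft or from the original article) parses the payload of a DHCPv4 DNR option using the instance layout defined in RFC 9463 and extracts the fields the paragraph lists: the authentication domain name (ADN) that the client checks the resolver's certificate against, the resolver addresses, the ALPN protocol list and the port. The function names and the `SAMPLE` bytes are constructed for illustration.

```python
import ipaddress
import struct

def _lp_strings(buf):  # split 1-byte-length-prefixed strings (DNS labels, ALPN ids)
    out, i = [], 0
    while i < len(buf) and buf[i]:
        out.append(buf[i + 1:i + 1 + buf[i]].decode("ascii"))
        i += 1 + buf[i]
    if i > len(buf):
        raise ValueError("length prefix overruns buffer")
    return out

def parse_svc_params(buf):
    """Decode SvcParams: 2-byte key, 2-byte length, then the value."""
    params, i = {}, 0
    while i < len(buf):
        key, n = struct.unpack_from("!HH", buf, i)  # struct.error if truncated
        val = buf[i + 4:i + 4 + n]
        if len(val) != n:
            raise ValueError("truncated SvcParam value")
        name = {1: "alpn", 3: "port"}.get(key, f"key{key}")
        params[name] = (_lp_strings(val) if name == "alpn" else
                        int.from_bytes(val, "big") if name == "port" else val)
        i += 4 + n
    return params

def parse_dnr_instances(payload):
    """Parse the DNR instances in a DHCPv4 DNR option payload (after code/len)."""
    out, i = [], 0
    while i < len(payload):
        n = int.from_bytes(payload[i:i + 2], "big")   # DNR Instance Data Length
        inst = payload[i + 2:i + 2 + n]
        if n < 3 or len(inst) != n or 3 + inst[2] > n:
            raise ValueError("truncated DNR instance")
        end = 3 + inst[2]                             # inst[2] is ADN Length
        rec = {"priority": int.from_bytes(inst[:2], "big"), "addresses": [],
               "adn": ".".join(_lp_strings(inst[3:end])), "params": {}}
        if end < n:                                   # more than ADN-only mode
            stop = end + 1 + inst[end]                # inst[end] is Addr Length
            if inst[end] % 4 or stop > n:
                raise ValueError("bad address list")
            rec["addresses"] = [str(ipaddress.IPv4Address(inst[k:k + 4]))
                                for k in range(end + 1, stop, 4)]
            rec["params"] = parse_svc_params(inst[stop:])
        out.append(rec)
        i += 2 + n
    return out

SAMPLE = bytes.fromhex("002700011103646e73076578616d706c65036e65740004c0000235"
                       "0001000403646f74000300020355")  # constructed test input
```

Running `parse_dnr_instances(SAMPLE)` yields one resolver with priority 1, ADN `dns.example.net`, address `192.0.2.53`, ALPN `dot` and port 853, which is the information an administrator would compare against the resolver they intended the DHCP server to advertise.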

Amanda Langowski and Brandon LeBlanc from Microsoft state, “DNR will enable Windows Insider users to use encrypted DNS protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT) on the client-side without requiring manual configuration.” This streamlining of the encrypted DNS setup process promises to enhance the usability and security of the Windows Insider experience.

While support for client-side DNR is currently rolling out to Windows Insiders using build 25982 or above, it is not yet available on non-Insider Windows versions. To activate DNR on compatible Windows Insider builds, users will need to create a new EnableDnr registry key under Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache. A specified command must be run from an elevated command prompt for the activation to take effect, after the compatible Windows Insider build has been installed. Restarting the device is necessary for the updated settings to be implemented.

To witness DNR in action, it is essential to connect to a network where the DHCPv4 or DHCPv6 server has server-side DNR enabled.

With client-side DNR offering increased convenience and security, Microsoft’s progressive approach provides Windows users with a more seamless and protected internet browsing experience.

Frequently Asked Questions (FAQ)

Q: What is client-side DNR?

A: Client-side DNR allows devices to automatically discover and connect to encrypted DNS resolvers within local networks without manual configuration.

Q: Which DNS protocols does client-side DNR support?

A: Client-side DNR supports DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ) protocols.

Q: Who can access client-side DNR at the moment?

A: Client-side DNR is currently being rolled out to Windows Insiders using build 25982 or above.

Q: How can I activate DNR on my device?

A: To activate DNR on compatible Windows Insider builds, you’ll need to create an EnableDnr registry key and run a specified command from an elevated command prompt. Restarting the device is necessary for the updated settings to be implemented.

Q: Does server-side DNR need to be enabled for client-side DNR to work?

A: Yes, client-side DNR relies on server-side DNR being toggled on within the DHCPv4 or DHCPv6 server of the network you are connecting to.

Q: Can client-side DNR be disabled?

A: Yes, client-side DNR can be disabled using a specific command in an administrator command prompt and rebooting the system for the change to take effect.