2

Is it possible to configure DNS forwarding on Windows Server 2019 AD DNS servers using DNS-over-HTTPS, or do I need to use an intermediary server internally to resolve using DoH and return regular clear-text DNS results to the Windows DNS servers?

At the moment they just use Cloudflare's servers without encryption.

The network is a fairly elaborate home/lab network with Windows and Linux servers, and Mikrotik routers. Mix of Windows, mobile, and console device clients, typical of a normal family home, not all of which use the Windows AD servers for DNS.

Thanks

Regards

Braedon

Braedon King
  • I can't answer specifically for Windows, but if you end up needing a proxying service I have one that can go both ways DNS-> DoH and DoH -> DNS https://github.com/hardillb/dns-over-https – hardillb Feb 11 '20 at 13:17

2 Answers

0

It's not supported in Windows DNS (yet - apparently MSFT has plans, but it looks like DoH for clients rather than server first).

If you've got Linux, you might want to look at using a solution there for a DoT stub resolver or caching forwarder (your DCs can use that as a forwarder). This page has some examples for Cloudflare.

LeeM
0

You may set up another internal DNS server (Linux?) that supports encrypted queries, and point the Windows DNS server forwarder to it. It's an extra hop, but worth it if you are concerned about security.

cata81
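Both answers describe the same design: an internal Linux resolver that talks encrypted DNS upstream, with the Windows DCs forwarding plain DNS to it over the LAN. The script below is an added example, not code from either answer or from Cloudflare, showing that design with Unbound as the DoT forwarder. It assumes Unbound 1.9 or later (for the `addr@port#authname` forwarder syntax), a CA bundle at `/etc/ssl/certs/ca-certificates.crt` (the Debian/Ubuntu path), and constructed sample addresses (LAN `192.168.1.0/24`, resolver `192.168.1.53`). It also includes a check for the easy mistake of pointing a forwarder at port 853 without turning on `forward-tls-upstream`, which would send plaintext to a TLS port and simply fail.

```shell
#!/bin/sh
# Added example, not code from the thread. Generates an Unbound stanza that
# forwards every query over DNS-over-TLS (DoT, port 853) to Cloudflare with
# certificate-name verification, and lints the stanza for the common
# misconfiguration of using port 853 without enabling TLS.
# Assumptions (not from the thread): Unbound >= 1.9 for "addr@port#authname";
# CA bundle at /etc/ssl/certs/ca-certificates.crt (Debian/Ubuntu path);
# LAN 192.168.1.0/24 and resolver 192.168.1.53 are constructed sample values.

CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

# write_unbound_dot_forward FILE [LAN_CIDR]
write_unbound_dot_forward() {
    out="$1"
    lan="${2:-192.168.1.0/24}"
    cat > "$out" <<EOF
server:
    interface: 0.0.0.0
    interface: ::0
    # Refuse everything except loopback and the LAN so this is not an open resolver.
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    access-control: $lan allow
    # CA bundle used to verify the upstream resolver's certificate.
    tls-cert-bundle: $CA_BUNDLE
    prefetch: yes
forward-zone:
    name: "."
    # Without this line Unbound would send plaintext UDP/TCP to port 853.
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
EOF
}

# check_dot_stanza FILE: returns 0 when every port-853 forwarder is covered by
# forward-tls-upstream plus a CA bundle and carries an #authname, 1 otherwise.
check_dot_stanza() {
    f="$1"
    if grep -q '^ *forward-addr: .*@853' "$f"; then
        grep -q '^ *forward-tls-upstream: yes' "$f" || return 1
        grep -q '^ *tls-cert-bundle: ' "$f" || return 1
    fi
    # A forwarder without #authname skips certificate-name verification.
    if grep '^ *forward-addr: ' "$f" | grep -vq '#'; then
        return 1
    fi
    return 0
}

# Stand-alone use: "sh dot-forward.sh install [LAN_CIDR]" writes the stanza,
# lints it, then runs Unbound's own parser if it is installed.
if [ "${1:-}" = "install" ]; then
    conf=/etc/unbound/unbound.conf.d/dot-forward.conf
    write_unbound_dot_forward "$conf" "${2:-192.168.1.0/24}"
    check_dot_stanza "$conf" || { echo "DoT stanza incomplete" >&2; exit 1; }
    command -v unbound-checkconf >/dev/null && unbound-checkconf
fi
```

After restarting Unbound, point each DC at the internal resolver instead of Cloudflare from an elevated PowerShell with `Set-DnsServerForwarder -IPAddress 192.168.1.53` (DnsServer module; the address is the constructed sample value). To confirm the change took, resolve something through the DC (`nslookup` against it) while watching the router or resolver's outbound traffic: only TCP/853 to Cloudflare should remain, with no UDP/53 leaving the network from the DCs.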