Insider Introducing DNR support for Windows 11 Insiders


A huge thank you to Alex Jercaianu, Justin Sapp, Kosi Nwabueze, and Milan Justel for implementing this feature!

Discovery of Network-designated Resolvers (DNR) is an upcoming IETF standard to discover encrypted DNS servers. Before DNR, devices getting a DNS server from their local network would not be able to use encrypted DNS without manually finding out the IP address of their desired encrypted DNS server and configuring it on the client side. DNR enables devices to use encrypted DNS protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT) on the client side without requiring manual endpoint configuration.

We are excited to announce client-side DNR support in Windows Insiders build 25982 and higher!

How does client-side DNR work?


Let us look at what happens when a machine with client-side DNR enabled attempts to join a new network. First, the machine queries the local DHCP server to acquire an IP address. During that query it also requests special DNR-specific options (OPTION_V4_DNR for DHCPv4 or OPTION_V6_DNR for DHCPv6). The local DHCP server, which is running server-side DNR, responds to the machine with all the required information for configuring encrypted DNS, such as the IP address of the encrypted DNS server, the list of supported encrypted DNS protocols, their port numbers, and server authentication information. On receiving this information, the client machine sets up an encrypted DNS tunnel automatically with the server discovered through DNR.

From the user’s perspective, they joined a new network as they normally would and without any effort on their part, they are reaping the benefits of encrypted DNS!

How to use DNR on Windows Insider builds?


The first step is to install the latest Windows Insider build (25982 or higher). DNR support is not available on non-Insider Windows builds yet.

Once a compatible Windows Insider build is installed, a new registry key needs to be created to enable DNR on the device.

Please note: You should proceed with the deployment steps below only if you have prior experience with modifying the registry. This is NOT recommended for people who are unfamiliar with registry keys.

UI

The registry key can be created using the UI with the following steps:
  1. Open Registry Editor on your Windows device
  2. Navigate to “Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache”
  3. Click on “Edit” -> “New” -> “DWORD (32-bit) Value” (on the top left side of the window)
  4. Rename this new registry key from “New Value #1” to “EnableDnr”
  5. Double-click on “EnableDnr” registry key
  6. In the new pop-up window, verify value name is “EnableDnr” and set value data to “1”
  7. Click “OK”


Command prompt

Alternatively, the following command can be run in an administrator command prompt:

reg add HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters /v EnableDnr /t REG_DWORD /d 1

After all the registry changes are done, reboot the device for the new settings to take effect.

To see DNR working in action, try joining a network whose DHCPv4 or DHCPv6 server supports server-side DNR.

During our internal testing, we partnered with BT Group who prototyped server-side DNR on their DHCPv4 servers. A Windows Insiders device with DNR enabled was joined to a network provisioned by BT. The Windows Insiders device was able to use OPTION_V4_DNR to discover, validate and use BT’s trial DNS over HTTPS service.

Please note that our current client-side DNR implementation only supports configuration through following modes as stated in the DNR IETF draft:
We do not support the IPv6 RA Encrypted DNS option yet.

To stop using client-side DNR, the following command can be run in an administrator command prompt:

reg add HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters /v EnableDnr /t REG_DWORD /d 0

After running the command, reboot the device to return the machine to its original state.

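To see what a DHCPv4 server is actually advertising through OPTION_V4_DNR (for example in a packet capture taken while joining a network), the option value can be decoded as in the following added example, which is not part of the original post or Microsoft's implementation. The field layout is taken from RFC 9463, the published form of the DNR draft, and is not given on this page; the resolver name, address and DoH path in the sample are constructed. The authentication domain name (ADN) it extracts is the server authentication information mentioned above.

```python
import ipaddress
import struct

SVC_KEYS = {1: "alpn", 3: "port", 7: "dohpath"}  # SvcParamKeys, RFC 9460/9461
# Constructed sample option value: one resolver, priority 1, DoH on port 443.
SAMPLE = (b"\x00\x3a\x00\x01\x11\x03doh\x07example\x03net\x00"
          b"\x04\xc0\x00\x02\x35\x00\x01\x00\x03\x02h2"
          b"\x00\x03\x00\x02\x01\xbb\x00\x07\x00\x10/dns-query{?dns}")

def take(buf, pos, n):  # bounds-checked slice
    if pos + n > len(buf):
        raise ValueError("truncated DNR field")
    return buf[pos:pos + n]

def lp_strings(raw):  # 1-byte-length-prefixed strings (DNS labels, ALPN ids)
    out, pos = [], 0
    while pos < len(raw) and raw[pos]:
        out.append(take(raw, pos + 1, raw[pos]).decode("ascii"))
        pos += 1 + raw[pos]
    return out

def decode_svc_params(raw):  # repeated (2-byte key, 2-byte length, value)
    out, pos = {}, 0
    while pos < len(raw):
        key, n = struct.unpack("!HH", take(raw, pos, 4))
        val, pos = take(raw, pos + 4, n), pos + 4 + n
        name = SVC_KEYS.get(key, f"key{key}")
        if name == "alpn":
            out[name] = lp_strings(val)
        elif name == "port":
            out[name] = struct.unpack("!H", take(val, 0, 2))[0]
        else:
            out[name] = val.decode("utf-8") if name == "dohpath" else val
    return out

def parse_v4_dnr(value):  # option value -> instances sorted by priority
    found, pos = [], 0
    while pos < len(value):
        size, prio, adn_len = struct.unpack("!HHB", take(value, pos, 5))
        body, pos = take(value, pos + 2, size), pos + 2 + size
        adn = ".".join(lp_strings(take(body, 3, adn_len)))
        inst = {"priority": prio, "adn": adn, "addresses": [], "params": {}}
        rest = body[3 + adn_len:]
        if rest:  # empty in ADN-only mode
            addrs = take(rest, 1, rest[0])
            inst["addresses"] = [str(ipaddress.IPv4Address(addrs[k:k + 4]))
                                 for k in range(0, len(addrs), 4)]
            inst["params"] = decode_svc_params(rest[1 + len(addrs):])
        found.append(inst)
    return sorted(found, key=lambda i: i["priority"])
```

`parse_v4_dnr` expects only the option's value bytes (after the option code and length octets) and raises `ValueError` on a truncated or malformed instance instead of returning partial resolver data.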
As soon as Canary is done, I'm gonna add it to that VM and see how it works, if at all.
 
