Windows 10 build 19628 download
DNS encryption

Windows 10 build 19628 releases in the Fast ring

Microsoft finally brings encryption for DNS queries in the latest preview of Windows 10 (build 19628).

Microsoft is now rolling out Windows 10 build 19628 for devices enrolled in the Fast ring of the Windows Insider Program. This is the preview number 20 releasing to testers, and it’s a small update that introduces some new improvements.

Windows 10 build 19628, according to the software giant, brings support for DNS over HTTPS to encrypt the DNS queries made by the system, but it’s disabled by default and you need to enable it manually to opt in. In addition, this flight fixes problem that will make devices fail to update with error code 0xc0000409.

Build 19628 also ships with some known issues, including update process hanging for extended periods, problems with privacy settings not showing correctly, and taskbar preview thumbnails aren’t rendering consistently.

Microsoft is listing the complete set of improvements, fixes, and known issues for Windows 10 Insider Preview build 19628 at the Windows Blog.

Enable DNS over HTTPS using Registry on Windows 10

On Windows 10, DoH was first introduced with build 19628, and at the time you needed to use the Registry to enable the feature. Starting with build 20185, you can configure this feature using the Settings app with the above steps.

To enable DNS over HTTPS (preview) on Windows 10, use these steps:

Important: It’s recommended that you do a full backup of your computer before proceeding, as modifying the registry incorrectly can cause irreversible damage to your installation. Also, after the DoH is fully implemented on Windows 10, the Registry configuration will no longer be supported. This is only for testing purposes.
  1. Open Start.

  2. Search for regedit and click the top result to open the Registry.

  3. Browse the following path:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
    Quick tip: You can copy and paste the path into the Registry’s address bar to quickly navigate to the key destination.
  4. Right-click the Parameters (folder) key, select New, and click on DWORD (32-bit) Value.

    Parameter key in Registry
    Parameter key in Registry
  5. Name the key EnableAutoDoh and press Enter.

  6. Double-click the newly created DWORD and set the value from 0 to 2.

    Enable DoH on Windows 10
    Enable DoH on Windows 10
  7. Click the OK button.

  8. Restart your computer.

Once you complete the steps, DNS over HTTPS will activate, and Windows 10 will start encrypting DNS queries depending on the DoH addresses you’re using.

Set DNS over HTTPS address on Windows 10

To configure a DNS over HTTPS address on Windows 10, use these steps:

  1. Open Control Panel.

  2. Click on Network and Internet.

  3. Click on Network and Sharing Center.

  4. On the left pane, click the Change adapter settings link.

    Control Panel's Network and Sharing Center
    Control Panel’s Network and Sharing Center
  5. Right-click the network adapter and select Properties.

  6. Select the Internet Protocol Version 4 (TCP/IPv4) option.

  7. Click the Properties button.

    Control Panel's network adapter properties
    Control Panel’s network adapter properties
  8. Under the “Use the following DNS server addresses” section set Preferred DNS server, which is IP address of the server providing DNS resolutions (for example, 8.8.8.8).

    Change DNS server addresses using Control Panel
    Change DNS server addresses using Control Panel
  9. (Optional) Set the Alternative DNS server, which is the DNS address that your device will use if it can’t reach the preferred server address.

  10. Click the OK button.

  11. Click the Close button.

After you complete the steps, Windows 10 will begin encrypting DNS traffic over the HTTPS protocol.

In this guide, we’re using the Google Public DNS addresses, but you can use any service that offers DoH, including Cloudflare and Cisco OpenDNS. You can learn more ways to change the DNS address on Windows 10 using these instructions.

Check DNS over HTTPS is working on Windows 10

To verify that DoH is working on Windows 10, use these steps:

  1. Open Start.

  2. Search for Command Prompt, right-click the top result and select the Run as administrator option.

  3. Type the following command to reset network traffic filter using PacketMon and press Enter:

    pktmon filter remove
  4. Type the following command to add a traffic filter for port 53 and press Enter:

    pktmon filter add -p 53
  5. Type the following command to start a real-time logging of traffic and press Enter:

    pktmon start --etw -m real-time

    Windows 10 test DoH using PacketMon
    Windows 10 test DoH using PacketMon
  6. Confirm that (little or) no DoH traffic is present.

Once you complete the steps, the none or almost none DNS traffic on port 53 will confirm that DoH has been configured correctly.

Download Windows 10 build 19628

The preview is available immediately through the Fast ring. This preview build will download and install automatically on your computer, but you can always force the update from Settings Update & security > Windows Update, and clicking the Check for updates button.

You can learn more about all the changes available in the current development process of Windows 10 in this guide.