October 25, 2023 at 04:49PM
Microsoft is testing support for the Discovery of Network-designated Resolvers (DNR) standard, allowing automated discovery of encrypted DNS servers on local networks. With DNR, devices can automatically configure to use encrypted DNS protocols like DoT, DoH, and DoQ. This feature is currently rolling out to Windows Insiders using the latest build. Microsoft has also added SMB client encryption and ReFS filesystem Block Cloning Support in Windows 11 Insider build.
Based on the meeting notes, here are the key takeaways:
1. Microsoft is testing support for the Discovery of Network-designated Resolvers (DNR) internet standard, which allows automated client-side discovery of encrypted DNS servers on local area networks.
2. Client-side DNR automatically configures devices to reach encrypted DNS resolvers and use encrypted DNS protocols like DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ).
3. A device with client-side DNR enabled queries the local DHCP server for encrypted DNS details when joining a new network.
4. Windows Insiders users can now use encrypted DNS protocols without manual configuration by enabling DNR.
5. Support for client-side DNR is rolling out to Windows Insiders using Windows Insider build 25982 or above.
6. To activate DNR on a device, a new EnableDnr registry key must be created under Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache using a specific command.
7. Restarting the device is necessary for the updated DNR settings to take effect.
8. To disable client-side DNR, a specific command must be run in an administrator command prompt, followed by a system reboot.
9. Microsoft now allows admins to require SMB client encryption for all outbound connections to enhance security.
10. ReFS filesystem Block Cloning Support has been added to the Windows copy engine to improve the performance of copying larger files on ReFS volumes.
Please let me know if there’s anything else I can assist you with.