Configure DNS over HTTPS (DoH) name resolution
ID: oval:org.secpod.oval:def:81204 | Date: (C)2022-06-06 (M)2023-12-12
Class: COMPLIANCE | Family: windows
Specifies whether the DNS client performs name resolution over DNS over HTTPS (DoH).
By default, the DNS client performs classic DNS name resolution (over UDP or TCP). This setting lets the DNS client use the DoH protocol to resolve domain names.
To use this policy setting, click Enabled, and then select one of the following options from the drop-down list:
Prohibit DoH: No DoH name resolution will be performed.
Allow DoH: Perform DoH queries if the configured DNS servers support it. If they don't support it, try classic name resolution.
Require DoH: Allow only DoH name resolution. If there are no DoH-capable DNS servers configured, name resolution will fail.
If you disable this policy setting, or if you do not configure this policy setting, computers will use locally configured settings.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Network\DNS Client\Configure DNS over HTTPS (DoH) name resolution
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient!DoHPolicy
Platform: Microsoft Windows Server 2022