Hello,
Yes, the Windows Server 2022 Active Directory DNS server supports encrypted DNS (DoH or DoT). Specifically:
Windows Server 2022 supports DNS over HTTPS (DoH) and DNS over TLS (DoT). These protocols provide a method of encrypting DNS traffic to enhance network security and privacy protection. After DoH is enabled, DNS queries between the Windows Server's DNS client and the DNS server are passed through a secure HTTPS connection instead of being sent in plain text.
Through the encrypted connection, DNS queries can be protected from interception by an untrusted third party. In essence, DoH helps to prevent eavesdropping on and tampering with your DNS data and protects the privacy of traffic as much as possible. Windows Server 2022 also supports TLS-based DNS (DoT). DoT encrypts DNS traffic inside a TLS tunnel on the dedicated port 853.
Thanks,
Shujun
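As an added example that is not part of the answer above: the following PowerShell configures the Windows DNS client on a Windows Server 2022 host to reach a resolver over DoH and then checks the result. The resolver address (`192.0.2.53`, from the RFC 5737 documentation range) and the DoH template URL (`https://doh.example.net/dns-query`) are placeholders, not values from the original answer; the `DnsClient` cmdlets used are the built-in ones shipped with Windows Server 2022.

```powershell
# Added example (not from the original answer): register a DoH template for a
# resolver on the Windows DNS client and verify that the mapping is in place.
# $ResolverIp and $DohTemplate are placeholders; substitute your own resolver's values.

$ResolverIp  = '192.0.2.53'                        # placeholder (RFC 5737 documentation address)
$DohTemplate = 'https://doh.example.net/dns-query' # placeholder DoH template URL

# Register the DoH template for that resolver address.
# AutoUpgrade       : use DoH automatically when this resolver is configured on an interface.
# AllowFallbackToUdp: $false keeps queries from silently dropping back to plaintext UDP/53
#                     if the DoH connection fails (fail closed rather than leak queries).
Add-DnsClientDohServerAddress -ServerAddress $ResolverIp `
                              -DohTemplate $DohTemplate `
                              -AllowFallbackToUdp $false `
                              -AutoUpgrade $true

# The template is only used once an interface actually points at that resolver.
$Adapter = Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $Adapter.ifIndex -ServerAddresses $ResolverIp

# Check 1: the resolver is registered with its template and no UDP fallback.
Get-DnsClientDohServerAddress |
    Where-Object ServerAddress -eq $ResolverIp |
    Format-List ServerAddress, DohTemplate, AllowFallbackToUdp, AutoUpgrade

# Check 2: the interface-level DNS configuration now references the DoH-capable resolver.
Get-DnsClientServerAddress -InterfaceIndex $Adapter.ifIndex -AddressFamily IPv4
```

On a domain-joined server the resolver you configure must still be able to answer the Active Directory zones (SRV records for the domain controllers), so in practice this points at an internal resolver that offers DoH rather than a public one. With `AllowFallbackToUdp` set to `$false`, a DoH outage shows up as failed name resolution instead of unencrypted queries on port 53, which is the behaviour a defender usually wants and is worth confirming with a packet capture on the host.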