-
To enable DoH on Windows 11, open
Settings
>
Network & internet
>
Wi-Fi
and manually configure the
“DNS server assignment”
setting. -
To check DoH configuration, open
Settings
>
Network & internet
>
Wi-Fi
, and check the “IPv4 DNS servers” address, which should include an
Encrypted
label.
On
Windows 11
, you can enable DNS over HTTPS (DoH) for a more secure and private online browsing experience, and in this guide, I will teach you how to complete this configuration.
DNS over HTTPS
is a networking protocol designed to encrypt
Domain Name System (DNS)
queries using the
Hypertext Transfer Protocol Secure (HTTPS)
protocol. The main purpose of DoH is to protect these queries and increase user privacy and security by stopping malicious individuals from viewing and manipulating DNS traffic originating from your computer to prevent
man-in-the-middle attacks
.
Web browsers like
Google Chrome
and
Mozilla Firefox
already support this additional layer of security, but Windows 11 now natively supports DoH, which you can configure in the Settings app.
This
guide
will teach you the steps to enable DNS over HTTPS on Windows 11, which will make your online experience a little more private.
Enable DNS over HTTPS (DoH) on Windows 11
To configure DNS over HTTPS (DoH) on Windows 11, use these steps:
Open
Start
on Windows 11.
Search for
Settings
and click the top result to open the app.
Click on
Network & internet
.
Click the
Ethernet
or
Wi-Fi
tab (depending on the active connection).
Click the
Edit
button in the “DNS server assignment” setting.
Select the
Manual
option from the drop-down menu.
Turn on the
IPv4
toggle switch.
Under the “Preferred DNS” and “Alternate DNS” sections, specify the primary and secondary DoH IP address from one of the supported services:
-
Cloudflare:
- 1.1.1.1
- 1.0.0.1
-
Google:
- 8.8.8.8
- 8.8.4.4
-
Quad9:
- 9.9.9.9
- 149.112.112.112
Use the “DNS over HTTPS” drop-down menu and select the
On (automatic template)
option, but you can also choose other encryption preferences, including:
-
Off:
Transmits all DNS traffic without encryption. -
On (automatic template):
Sends all DNS traffic with encryption (recommended). -
On (manual template):
This option allows you to specify a specific template. It is only required if the DNS service doesn’t work automatically or has a template that works as expected.
Turn off the
“Fallback to plaintext”
toggle switch.
(Optional) Turn on the
IPv6
toggle switch.
Under the “Preferred DNS” and “Alternate DNS” sections, specify the primary and secondary DoH IP address from one of the supported services:
-
Cloudflare:
- 2606:4700:4700::1111
- 2606:4700:4700::1001
-
Google:
- 2001:4860:4860::8888
- 2001:4860:4860::8844
-
Quad9:
- 2620:fe::fe
- 2620:fe::fe:9
Select the
On (automatic template)
option in the “Preferred DNS encryption” setting.
Turn off the “Fallback to plaintext” toggle switch unless you want to allow traffic to be sent unencrypted when encryption isn’t available.
Click the
Save
button.
Once you complete the steps, Windows 11 will encrypt DNS traffic over the HTTPS protocol.
Check DNS over HTTPS status
To check if DoH is working on Windows 11, use these steps:
Open
Start
.
Search for
Settings
and click the top result to open the app.
Click on
Network & Internet
.
Click the
Ethernet
or
Wi-Fi
tab.
The “IPv4 DNS servers” address should include an
Encrypted
label under the “DNS server assignment” section.
After you complete the steps, you will know whether the DNS over HTTPS has been configured correctly on Windows 11.
Update May 7, 2024:
This guide has been updated to ensure accuracy and reflect changes to the process.