Configure DNS over HTTPS (DoH) on Windows 11


In the digital age where privacy and security are paramount, DNS over HTTPS (DoH) has emerged as a powerful way to encrypt DNS queries and protect users from eavesdropping and tampering. With Windows 11, Microsoft has introduced native support for DoH, making it easier than ever for users to secure their DNS traffic. Enabling DoH on Windows 11 not only enhances privacy but also ensures that malicious actors cannot easily intercept or modify queries sent to DNS servers.

What is DNS over HTTPS (DoH)?

DNS over HTTPS is a protocol for performing remote Domain Name System resolution via the HTTPS protocol. This means instead of sending unencrypted DNS requests over port 53, DoH wraps those requests in HTTPS and sends them over port 443, effectively guarding against man-in-the-middle attacks and surveillance on DNS traffic.

Windows 11 supports DoH natively, and users can configure it either through the system’s graphical interface or via command-line tools like PowerShell. The following steps guide users on how to configure DoH using the built-in settings UI.

Steps to Enable DNS over HTTPS on Windows 11

Users can follow these steps to set up DoH:

  1. Open the Settings App: Click on the Start Menu and select Settings (gear icon) or press Win + I.
  2. Navigate to Network Settings: In the Settings window, go to Network & Internet.
  3. Select Network Adapter: Choose Wi-Fi or Ethernet depending on your connection, then click on the active network.
  4. Open DNS Settings: Scroll down and click Edit under the DNS server assignment section.
  5. Configure DNS Manually: From the dropdown menu, select Manual and enable IPv4 and/or IPv6 based on your preference.
  6. Enter DNS Addresses: Enter supported DoH resolver IPs (e.g., 1.1.1.1, 8.8.8.8). These generally belong to providers like Cloudflare and Google.
  7. Select DNS over HTTPS: After entering each DNS address, set the Preferred DNS encryption to Encrypted only (DNS over HTTPS).
  8. Save Changes: Click Save to apply the new DNS settings.

Once these settings are saved, Windows 11 will begin using the DoH protocol for all DNS queries on that network interface. It’s important to ensure that the DNS providers entered support DoH, or the system may fail to resolve domain names correctly.
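For the PowerShell route mentioned earlier, here is an added example (not code from the original article) that performs steps 5 and 6 with the built-in DnsClient cmdlets and then checks the caveat just stated, that every configured resolver must actually support DoH. It assumes an elevated PowerShell session on Windows 11 and uses the providers' published DoH template URLs; the per-adapter "Encrypted only" preference from step 7 is still chosen in Settings.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original article: performs steps 5-6 with the
# built-in DnsClient cmdlets and checks that every configured resolver has a DoH
# template. The template URLs are the providers' published DoH endpoints.

$Resolvers = @(
    @{ Ip = '1.1.1.1'; Template = 'https://cloudflare-dns.com/dns-query' },
    @{ Ip = '1.0.0.1'; Template = 'https://cloudflare-dns.com/dns-query' },
    @{ Ip = '9.9.9.9'; Template = 'https://dns.quad9.net/dns-query' }
)

# Windows only speaks DoH to addresses in its known-server table. Register each
# resolver (or update an existing entry) with UDP fallback disabled, so a failing
# HTTPS endpoint cannot silently downgrade lookups to plaintext port 53, and with
# AutoUpgrade on, so DoH is used whenever the IP is configured as a DNS server.
$known = Get-DnsClientDohServerAddress
foreach ($r in $Resolvers) {
    $params = @{ ServerAddress = $r.Ip; DohTemplate = $r.Template
                 AllowFallbackToUdp = $false; AutoUpgrade = $true }
    if ($known | Where-Object ServerAddress -eq $r.Ip) {
        Set-DnsClientDohServerAddress @params
    } else {
        Add-DnsClientDohServerAddress @params
    }
}

# Steps 3 and 6: point the active physical adapter at these resolvers.
$adapter = Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | Select-Object -First 1
if (-not $adapter) { throw 'No active physical network adapter found.' }
$ips = $Resolvers | ForEach-Object { $_.Ip }
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $ips

# Verification: each DNS server assigned to the adapter must have a DoH template,
# otherwise its queries stay unencrypted or, with "Encrypted only", fail outright.
$assigned = (Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4).ServerAddresses
$doh = Get-DnsClientDohServerAddress
foreach ($ip in $assigned) {
    $entry = $doh | Where-Object ServerAddress -eq $ip
    if ($entry) {
        '{0}: DoH via {1} (UDP fallback: {2})' -f $ip, $entry.DohTemplate, $entry.AllowFallbackToUdp
    } else {
        Write-Warning "$ip has no DoH template registered; lookups to it will not be encrypted."
    }
}
```

Run it once per adapter you want covered; the final loop prints one line per resolver so a missing template is visible immediately rather than showing up later as failed name resolution.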

Trusted DoH Providers

Below are some commonly used DoH providers that are recognized for security and speed:

  • Cloudflare (1.1.1.1, 1.0.0.1) – Privacy-focused with excellent uptime.
  • Google DNS (8.8.8.8, 8.8.4.4) – Known for reliability and speed.
  • Quad9 (9.9.9.9) – Filters malicious domains to protect users from phishing and malware.
  • NextDNS – Offers customizable filtering and analytics.

Verifying DoH is Enabled

To confirm that DNS over HTTPS is properly configured:

  1. Go back to the DNS server assignment settings.
  2. Ensure that the status under encryption shows Encrypted or Encrypted Only (DoH).
  3. You can also use websites like 1.1.1.1/help to verify if DoH is enabled in your browser and network setup.

If everything is set correctly, DNS queries will now be encrypted using HTTPS, making it significantly harder for third parties to inspect your browsing activity.

Benefits of Using DoH

  • Improved privacy: DNS queries are hidden from ISPs and other intermediaries.
  • Prevention of hijacking: Stops attackers from redirecting DNS queries to malicious websites.
  • Enhanced consistency: Helps deliver uniform DNS behavior across networks.

FAQs

  • Q: Is DNS over HTTPS available on all Windows 11 editions?
    A: Yes, it is available on all standard consumer and enterprise editions of Windows 11.
  • Q: Can I use custom DoH providers on Windows 11?
    A: Yes, as long as their IP addresses are known and their DoH endpoints are trusted by Windows.
  • Q: Will enabling DoH affect gaming or streaming performance?
    A: No. DoH may slightly affect DNS lookup time, but it’s generally negligible and doesn’t impact overall performance.
  • Q: Does DoH secure my internet connection?
    A: Not entirely. DoH secures DNS queries only. For complete protection, users should consider using a VPN.
  • Q: Can I revert to unencrypted DNS later?
    A: Yes, you can simply change the DNS encryption setting back to Unencrypted only in the DNS assignment section.

Enabling DNS over HTTPS on Windows 11 is a smart step toward enhanced internet privacy and security. With a few simple settings adjustments, users can ensure their DNS traffic is encrypted and protected from potential threats.