Secure DNS lookups

How to enable DNS over HTTPS in Chrome

The Chrome browser now supports DNS over HTTPS to improve security and privacy, and these are the steps to configure it.

Although most of the internet has already moved to the Hypertext Transfer Protocol Secure (HTTPS) to secure communication on the web, the Domain Name System (DNS) queries that resolve domain names to IP addresses are still transmitted in plain text.

However, the web is now adopting a new protocol known as DNS over HTTPS (DoH), which is designed to increase privacy and security by encrypting DNS queries using the existing HTTPS protocol to prevent attacks and malicious individuals from snooping.

If you use Google Chrome on Windows 10, you can now enable the Secure DNS lookups feature to encrypt your name resolutions for a more secure browsing experience.

In this guide, you’ll learn the steps to enable DNS over HTTPS in Chrome version 78 or later.

How to enable DNS over HTTPS in Chrome

To enable DNS over HTTPS on the latest version of Google Chrome, use these steps:

  1. Open Chrome.

  2. Type the following path in the address bar and press Enter:

    chrome://flags/#dns-over-https
  3. Use the “Secure DNS lookups” drop-down menu on the right and select Enabled (or Disabled to turn the feature off).

  4. Click the Relaunch now button.

Once you complete the steps, Google Chrome will transmit DNS queries encrypted, improving security and privacy while browsing.

How to check DNS over HTTPS configuration with Cloudflare

To confirm the DoH feature is working with the Cloudflare test, use these steps:

  1. Open the Cloudflare DoH test website.

  2. Click the Check My Browser button.

  3. Confirm “DNS over HTTPS” is working correctly.

After you complete the steps, if you can confirm that the browser is using secure DNS, there’s nothing else you need to do.

If the result shows that “Encrypted SNI” is not configured, that is an expected result because Chrome doesn’t support the feature at this time.

How to configure DNS settings on Windows 10

If the test shows that the browser is still not using secure transport for your DNS queries, then you need to specify a DNS server that supports DoH in the Windows 10 networking settings. You’ll need to perform this task even if you’re already using a supported DNS provider within your router.

To change the DNS settings on Windows 10, use these steps:

  1. Open Control Panel.

  2. Click on Network and Internet.

  3. Click on Network and Sharing Center.

  4. On the left pane, click the Change adapter settings link.

  5. Right-click the network adapter and select Properties.

  6. Select the Internet Protocol Version 4 (TCP/IPv4) option.

  7. Click the Properties button.

  8. Under the “Use the following DNS server addresses” section, set the Preferred DNS server, which in this particular case is your router IP address (for example, 192.168.1.1).

  9. In the Alternative DNS server section, specify the IP address of the server providing DNS resolutions (for example, the one from Cloudflare, 1.1.1.1).

  10. Click the OK button.

  11. Click the Close button.

Once you complete the steps, run the DNS over HTTPS test one more time, and now, the name resolution should transmit over the network encrypted. However, eventually, these steps won’t be necessary as Microsoft has already announced that native support for DNS over HTTPS is coming to Windows 10.

Although we’re using the Cloudflare DNS settings, you can use other public DNS providers that also support DNS over HTTPS, such as Google, OpenDNS, Cleanbrowsing, DNS.SB, and Quad9.