Better privacy

How to enable DNS over HTTPS (DoH) on Windows 10

Windows 10 now includes support for DNS over HTTPS to improve your online privacy, and here's how to enable the feature.

Windows 10 enable DNS over HTTPS

DNS over HTTPS (DoH) is a networking protocol designed to encrypt Domain Name System (DNS) queries using the Hypertext Transfer Protocol Secure (HTTPS) protocol. The main purpose of DoH is to protect these queries is to increase user privacy and security by stopping malicious individuals from viewing and manipulating DNS traffic originating from your device to prevent things like man-in-the-middle attacks.

Web browsers like Google Chrome and Mozilla Firefox already support this additional layer of security, and Windows 10 now supports DoH natively since build 19628 using the Registry and since build 20185 using the Settings app available through the Dev Channel.

In this guide, you’ll learn the steps to enable DNS over HTTPS on Windows 10 to make your online experience a little more private.

Enable DNS over HTTPS using Settings on Windows 10

Starting with build 20185, you can enable DNS over HTTPS from the network properties settings without the need to modify the Registry.

To enable DNS over HTTPS (DoH) on Windows 10, use these steps:

  1. Open Settings.

  2. Click on Network & Internet.

  3. Click on Status.

  4. Under the “Network status” section, click the Properties button for the active connection.

    Network status connection properties
    Network status connection properties
  5. Under the “DNS settings” section, click the Edit button.

    DNS server assignment option
    DNS server assignment option
  6. Use the drop-down menu and select the Manual option.

  7. Turn on the IPv4 toggle switch.

  8. Under the “Preferred DNS” and “Alternate DNS” sections, specify the primary and secondary DoH IP address from one of the supported services:

    • Cloudflare:
    • 1.1.1.1 
    • 1.0.0.1 
    • Google:
    • 8.8.8.8
    • 8.8.4.4 
    • Quad9:
    • 9.9.9.9
    • 149.112.112.112

    Windows 10 IPv4 DNS over HTTPS
    Windows 10 IPv4 DNS over HTTPS
  9. Use the “Preferred DNS encryption” drop-down menu and select the Encrypted only (DNS over HTTPS) option, but you can also choose other encryption preferences, including:

    • Unencrypted only: Transmits all DNS traffic without encryption.
    • Encrypted only (DNS over HTTPS): Transmits all DNS traffic with encryption (recommended).
    • Encrypted preferred, unencrypted allowed: Transmits DNS traffic encrypted, but it allows queries to be sent without encryption.
  10. (Optional) Turn on the IPv6 toggle switch.

  11. Under the “Preferred DNS” and “Alternate DNS” sections, specify the primary and secondary DoH IP address from one of the supported services:

    • Cloudflare:
    • 2606:4700:4700::1111
    • 2606:4700:4700::1001
    • Google:
    • 2001:4860:4860::8888
    • 2001:4860:4860::8844
    • Quad9:
    • 2620:fe::fe
    • 2620:fe::fe:9

    Windows 10 IPv6 DNS over HTTPS
    Windows 10 IPv6 DNS over HTTPS
  12. Use the “Preferred DNS encryption” drop-down menu and select the Encrypted only (DNS over HTTPS) option.

  13. Click the Save button.

Once you complete the steps, Windows 10 will start encrypting DNS traffic over the HTTPS protocol.

Check DNS over HTTPS is working

To check if DoH is working, use these steps:

  1. Open Settings.

  2. Click on Network & Internet.

  3. Click on Status.

  4. Under the “Network status” section, click the Properties button for the active connection.

  5. Under the “DNS settings” section, the IPv4 DNS servers address should include an Encrypted label.

    Windows 10 DoH enabled
    Windows 10 DoH enabled

After you complete the steps, you’ll have an understanding whether the DNS over HTTPS is working correctly.

On Windows 10, DoH was first introduced with build 19628, and at the time you needed to use the Registry to enable the feature. Starting with build 20185, you can configure this feature using the Settings app with the above steps.

If the option is not available, it’s because you’re not running the version of Windows 10 that supports this feature. DNS over HTTPS is available in the Settings app starting with build 20185 and higher releases. You can check the version you’re running on Settings > System > About.