How to enable DNS over HTTPS (DoH) on Windows 11

Windows 11 now includes support for DNS over HTTPS to improve your online privacy, and here's how to configure the feature.

Windows 11 with DNS over HTTPS
Windows 11 with DNS over HTTPS
  • To enable DoH on Windows 11, open Settings > Network & internet > Wi-Fi and manually configure the “DNS server assignment” setting.
  • To check DoH configuration, open Settings > Network & internet > Wi-Fi, and check the “IPv4 DNS servers” address should include an Encrypted label.

On Windows 11, you can enable DNS over HTTPS (DoH) for a more secure and private online experience, and in this guide, you will learn how.

DNS over HTTPS is a networking protocol designed to encrypt Domain Name System (DNS) queries using the Hypertext Transfer Protocol Secure (HTTPS) protocol. The main purpose of DoH is to protect these queries to increase user privacy and security by stopping malicious individuals from viewing and manipulating DNS traffic originating from your computer to prevent things like man-in-the-middle attacks.

Web browsers like Google Chrome and Mozilla Firefox already support this additional layer of security, but now, Windows 11 now supports DoH natively, and you can configure it in the Settings app.

This guide will teach you the steps to enable DNS over HTTPS on Windows 11 to make your online experience a little more private.

Enable DNS over HTTPS (DoH) on Windows 11

To configure DNS over HTTPS (DoH) on Windows 11, use these steps:

  1. Open Start on Windows 11.

  2. Search for Settings and click the top result to open the app.

  3. Click on Network & internet.

  4. Click the Ethernet or Wi-Fi tab (depending on the active connection).

    Quick note: If you have a wireless connection, you need to click on the connection properties setting to access the settings.
  5. In the “DNS server assignment” setting, click the Edit button.

    Open DNS settings on Windows 11

  6. Select the Manual option from the drop-down menu.

  7. Turn on the IPv4 toggle switch.

  8. Under the “Preferred DNS” and “Alternate DNS” sections, specify the primary and secondary DoH IP address from one of the supported services:

    • Cloudflare:
    • 1.1.1.1 
    • 1.0.0.1 
    • Google:
    • 8.8.8.8
    • 8.8.4.4 
    • Quad9:
    • 9.9.9.9
    • 149.112.112.112

    Enable DoH for IPv4

  9. Use the “DNS over HTTPS” drop-down menu and select the On (automatic template) option, but you can also choose other encryption preferences, including:

    • Off: Transmits all DNS traffic without encryption.
    • On (automatic template): Sends all DNS traffic with encryption (recommended).
    • On (manual template): Allows you to specify a specific template. Only required if the DNS service doesn’t work automatically or has a template that works as expected.
  10. Turn off the “Fallback to plaintext” toggle switch.

    Quick tip: If you enable this feature, the system will encrypt DNS traffic, but it allows queries to be sent without encryption.
  11. (Optional) Turn on the IPv6 toggle switch.

  12. Under the “Preferred DNS” and “Alternate DNS” sections, specify the primary and secondary DoH IP address from one of the supported services:

    • Cloudflare:
    • 2606:4700:4700::1111
    • 2606:4700:4700::1001
    • Google:
    • 2001:4860:4860::8888
    • 2001:4860:4860::8844
    • Quad9:
    • 2620:fe::fe
    • 2620:fe::fe:9

    Enable DoH for IPv6

  13. Use the “Preferred DNS encryption” drop-down menu and select the On (automatic template) option.

  14. Turn off the “Fallback to plaintext” toggle switch unless you want to allow traffic to be sent unencrypted if some reason, it cannot be encrypted.

  15. Click the Save button.

Once you complete the steps, Windows 11 will encrypt DNS traffic over the HTTPS protocol.

Confirm DNS over HTTPS is working

To check if DoH is working on Windows 11, use these steps:

  1. Open Start.

  2. Search for Settings and click the top result to open the app.

  3. Click on Network & Internet.

  4. Click the Ethernet or Wi-Fi tab.

  5. Under the “DNS server assignment” section, the “IPv4 DNS servers” address should include an Encrypted label.

    Check DoH on Windows 11

After you complete the steps, you will know whether the DNS over HTTPS has been configured correctly on Windows 11.

About the author

Mauro Huculak is a Windows How-To Expert who started Pureinfotech in 2010 as an independent online publication. He has also been a Windows Central contributor for nearly a decade. Mauro has over 14 years of experience writing comprehensive guides and creating professional videos about Windows and software, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 20 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ and Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, LinkedIn and About.me.