Better privacy

How to enable DNS over HTTPS (DoH) on Windows 11

Windows 11 now includes support for DNS over HTTPS to improve your online privacy, and here's how to configure the feature.

Windows 11 with DNS over HTTPS configured
  • To enable DoH on Windows 11, go to Settings > Network & internet > Wi-Fi, and configure the “DNS server assignment” setting manually.
  • To check the DoH configuration, go to Settings > Network & internet > Wi-Fi and confirm that the “IPv4 DNS servers” address includes an Encrypted label.

DNS over HTTPS (DoH) is a networking protocol that encrypts Domain Name System (DNS) queries by sending them over the Hypertext Transfer Protocol Secure (HTTPS) protocol. Its main purpose is to increase user privacy and security by stopping malicious individuals from viewing and manipulating the DNS traffic originating from your computer, which helps prevent things like man-in-the-middle attacks.

Web browsers like Google Chrome and Mozilla Firefox already support this additional layer of security, but Windows 11 now supports DoH natively, and you can configure it in the Settings app.

In this guide, you will learn the steps to enable DNS over HTTPS on Windows 11 to make your online experience a little more private.

Enable DNS over HTTPS (DoH) on Windows 11

To configure DNS over HTTPS (DoH) on Windows 11, use these steps:

  1. Open Start on Windows 11.

  2. Search for Settings and click the top result to open the app.

  3. Click on Network & internet.

  4. Click the Ethernet or Wi-Fi page on the right side, depending on the active connection.

  5. In the “DNS server assignment” setting, click the Edit button.

    DNS server assignment setting
  6. Use the drop-down menu and select the Manual option.

  7. Turn on the IPv4 toggle switch.

  8. Under the “Preferred DNS” and “Alternate DNS” sections, specify the primary and secondary DoH IP addresses from one of the supported services:

    • Cloudflare:
      • 1.1.1.1
      • 1.0.0.1
    • Google:
      • 8.8.8.8
      • 8.8.4.4
    • Quad9:
      • 9.9.9.9
      • 149.112.112.112

    Enable DoH for IPv4
  9. Use the “Preferred DNS encryption” drop-down menu and select the Encrypted only (DNS over HTTPS) option, but you can also choose other encryption preferences, including:

    • Unencrypted only: Transmits all DNS traffic without encryption.
    • Encrypted only (DNS over HTTPS): Transmits all DNS traffic with encryption (recommended).
    • Encrypted preferred, unencrypted allowed: Transmits DNS traffic encrypted, but it allows queries to be sent without encryption.
  10. (Optional) Turn on the IPv6 toggle switch.

  11. Under the “Preferred DNS” and “Alternate DNS” sections, specify the primary and secondary DoH IP addresses from one of the supported services:

    • Cloudflare:
      • 2606:4700:4700::1111
      • 2606:4700:4700::1001
    • Google:
      • 2001:4860:4860::8888
      • 2001:4860:4860::8844
    • Quad9:
      • 2620:fe::fe
      • 2620:fe::fe:9

    Enable DoH for IPv6
  12. Use the “Preferred DNS encryption” drop-down menu and select the Encrypted only (DNS over HTTPS) option.

  13. Click the Save button.

Once you complete the steps, Windows 11 will start encrypting DNS traffic over the HTTPS protocol.

Confirm DNS over HTTPS is working

To check if DoH is working on Windows 11, use these steps:

  1. Open Start.

  2. Search for Settings and click the top result to open the app.

  3. Click on Network & internet.

  4. Click the Ethernet or Wi-Fi page on the right side, depending on the active connection.

  5. Under the “DNS server assignment” section, the “IPv4 DNS servers” address should include an Encrypted label.

    Confirm DNS over HTTPS

After you complete the steps, you will know whether DNS over HTTPS has been configured correctly on Windows 11.
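
The check above can also be done from PowerShell. The script below is an added example and not part of the original guide: for every active adapter, it lists each configured DNS server, whether Windows holds a DoH template for it, and whether an HTTPS session to it is currently open. It assumes example.com as a placeholder test name and treats an established TCP/443 connection to the resolver as a sign that DoH is in use.

```powershell
# Added example: audit the DNS servers configured on each active adapter for DoH.
# Read-only, apart from one test lookup sent through the Windows DNS client.

# Resolvers for which Windows holds a DoH template (built in or added by an admin).
$dohKnown = @{}
foreach ($entry in Get-DnsClientDohServerAddress) {
    $dohKnown[$entry.ServerAddress] = $entry
}

# Trigger one lookup so that a DoH session exists to observe.
# example.com is a placeholder test name (assumption, not from the guide).
Resolve-DnsName -Name 'example.com' -Type A -DnsOnly -ErrorAction SilentlyContinue |
    Out-Null

$upAdapters = Get-NetAdapter | Where-Object Status -eq 'Up'

$report = foreach ($adapter in $upAdapters) {
    # One object is returned per address family (IPv4 and IPv6).
    $config = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex
    foreach ($family in $config) {
        foreach ($server in $family.ServerAddresses) {
            $known = $dohKnown[$server]

            # Assumption: an established TCP/443 session to the resolver
            # is consistent with DNS queries travelling over HTTPS.
            $https = Get-NetTCPConnection -RemoteAddress $server -RemotePort 443 `
                -State Established -ErrorAction SilentlyContinue

            [pscustomobject]@{
                Interface    = $adapter.Name
                Resolver     = $server
                DohTemplate  = if ($known) { $known.DohTemplate } else { '(none: plain DNS only)' }
                UdpFallback  = if ($known) { $known.AllowFallbackToUdp } else { $null }
                Https443Open = [bool]$https
            }
        }
    }
}

$report | Format-Table -AutoSize
```

Https443Open can read False when the answer came from the local DNS cache or the session has idled out, and True when another application is talking to the same address, so treat it as supporting evidence alongside the Encrypted label in Settings.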