With Windows 11, you can use DNS over HTTPS (DoH) to encrypt the DNS requests your computer makes while you browse the web or do anything else online, which improves your online privacy and security. Here’s how to configure it.
DNS Encryption Is More Secure and Private
Your computer sends a request to a Domain Name System (DNS) server each time you access a website using a domain name (such as “google.com,” for instance). The DNS server looks up the domain name and finds the corresponding IP address. It returns that IP address to your computer, which uses it to connect to the website.
Traditionally, this domain name lookup has traveled over the network unencrypted. The domain names of the websites you are browsing could be intercepted at any point in between. With DNS over HTTPS, or DoH, the communications between your computer and a DNS server that supports it are encrypted. No one can decipher your DNS requests to spy on the websites you’re viewing or manipulate the DNS server’s replies.
Select a Supported Free DNS Service First
As of the release of Windows 11, DNS over HTTPS works only with a specific hard-coded list of free DNS services (you can see the list yourself by running netsh dns show encryption in a Terminal window).
Here’s the current list of supported IPv4 DNS service addresses as of November 2021:
- Google DNS Primary: 126.96.36.199 / 188.8.131.52
- Cloudflare DNS Primary: 184.108.40.206 / 220.127.116.11
- Quad9 DNS: 18.104.22.168 / 22.214.171.124
- AdguardDNS: 126.96.36.199 / 188.8.131.52
- NextDNS: 184.108.40.206 / 220.127.116.11
- OpenDNS: 18.104.22.168 / 22.214.171.124
For IPv6, here is the list of supported DNS service addresses:
- Google DNS: 2001:4860:4860::8888 / 2001:4860:4860::8844
- Cloudflare DNS: 2606:4700:4700::1111 / 2606:4700:4700::1001
- Quad9 DNS: 2620:fe::fe / 2620:fe::fe:9
- AdguardDNS: 2a10:50c0::ad1:ff / 2a10:50c0::ad2:ff
- NextDNS: 2a07:a8c0::d2:b227 / 2a07:a8c1::d2:b227
- OpenDNS: 2620:119:35::35 / 2620:119:53::53
You’ll need to select two pairs of these DNS servers to utilize with your Windows 11 PC when it comes time to enable DoH in the section below—primary and secondary for IPv4 and IPv6. Additionally, employing them will probably make your internet browsing faster.
Enable DNS over HTTPS in Windows 11
To begin configuring DNS over HTTPS, open the Settings app by pressing Windows+i on your keyboard. You can also right-click the Start button and choose “Settings” from the menu that appears.
In Settings, click “Network & Internet” in the sidebar.
In Network & Internet settings, click the name of your primary internet connection in the list, such as “Wi-Fi” or “Ethernet.” (Don’t click “Properties” near the top of the window—that won’t let you encrypt your DNS connections.)
On the network connection’s properties page, select “Hardware Properties.”
On the Wi-Fi or Ethernet hardware properties page, locate the “DNS Server Assignment” option and click the “Edit” button beside it.
In the window that pops up, use the drop-down menu to select “Manual” DNS settings. Then flip the “IPv4” switch to the “On” position.
In the IPv4 section, enter the primary DNS server address you chose from the section above in the “Preferred DNS” box (such as “126.96.36.199”). Similarly, enter the secondary DNS server address in the “Alternate DNS” box (such as “188.8.131.52”).
Tip: If you don’t see the DNS encryption options, then you’re editing the DNS settings for your Wi-Fi SSID. Make sure you select the connection type in Settings > Network & Internet, then click “Hardware Properties” first.
In the same window, set “Preferred DNS Encryption” and “Alternate DNS Encryption” to “Encrypted Only (DNS over HTTPS)” using the drop-down boxes below the DNS addresses you entered in the last step.
After that, repeat this process with IPv6.
Flip the IPv6 switch to the “On” position, and then copy a primary IPv6 address from the section above and paste it into the “Preferred DNS” box. Next, copy the matching secondary IPv6 address and paste it into the “Alternate DNS” box.
After that, set both “DNS encryption” settings to “Encrypted Only (DNS over HTTPS).” Finally, click “Save.”
Back on the Wi-Fi or Ethernet hardware properties page, you’ll see your DNS servers listed with an “(Encrypted)” beside each one of them.
That’s all you need to do. Close the Settings app, and you’re ready to go. From now on, all of your DNS requests will be private and secure. Happy browsing!
Note: If you experience network problems after changing these settings, be sure to check that you entered the IP addresses correctly. A mistyped IP address would result in the DNS servers being unreachable. If the addresses appear to be typed correctly, try disabling the “IPv6” switch in the DNS servers list. If you configure IPv6 DNS servers on a computer without IPv6 connectivity, this could cause connectivity issues.
Update: You can now use any DoH server by entering a manual template.
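To check the result of the steps above from PowerShell, the script below lists every DNS server configured on an active adapter and whether Windows has a DoH template registered for it; the commented lines show one way to register a template for another resolver, as the update mentions. This is an added example, not part of the original article, and the resolver address and template URL in the comments are placeholders.

```powershell
# Added example: audit the DNS servers on active adapters against the DoH
# templates Windows knows about. Run in an elevated PowerShell on Windows 11.

# Servers with a registered DoH template (the table that
# "netsh dns show encryption" prints), keyed by normalized IP address.
$doh = @{}
Get-DnsClientDohServerAddress | ForEach-Object {
    $doh[([ipaddress]$_.ServerAddress).ToString()] = $_
}

$report = foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
    foreach ($cfg in Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex) {
        foreach ($ip in $cfg.ServerAddresses) {
            $t = $doh[([ipaddress]$ip).ToString()]
            [pscustomobject]@{
                Interface   = $nic.Name
                Family      = if ($cfg.AddressFamily -eq 2) { 'IPv4' } else { 'IPv6' }
                DnsServer   = $ip
                HasTemplate = [bool]$t
                DohTemplate = if ($t) { $t.DohTemplate } else { $null }
                UdpFallback = if ($t) { $t.AllowFallbackToUdp } else { $null }
            }
        }
    }
}
$report | Format-Table -AutoSize

# A server without a template cannot be switched to encrypted DNS in Settings.
$report | Where-Object { -not $_.HasTemplate } | ForEach-Object {
    Write-Warning "$($_.DnsServer) on $($_.Interface) has no DoH template"
}

# Registering a template for a resolver that is not in the built-in list.
# Both values are placeholders; take the real ones from your DNS provider.
# -AllowFallbackToUdp $false keeps Windows from retrying over plain DNS.
# Add-DnsClientDohServerAddress -ServerAddress '<resolver-ip>' `
#     -DohTemplate 'https://<resolver-host>/dns-query' `
#     -AllowFallbackToUdp $false -AutoUpgrade $true

# Spot check while browsing: with DoH active, no packets should show on port 53.
# pktmon filter remove
# pktmon filter add -p 53
# pktmon start --etw -m real-time
```

The table only shows whether a template exists for each server; the “(Encrypted)” label on the hardware properties page remains the confirmation that the adapter is actually set to use it.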