Enable and Configure DNS over HTTPS (DoH) in Windows 10/11 for Better Privacy

Difficulty: Intermediate | Time Required: 20 minutes

Introduction

DNS over HTTPS (DoH) encrypts DNS queries — the lookups your PC makes to convert website names (example.com) into IP addresses — by sending them over HTTPS. This prevents on‑network observers (and some ISPs) from easily seeing or tampering with the sites you visit. In Windows 11 (and newer Windows 10 builds) you can configure DoH system‑wide so all apps benefit, not just your browser. This guide walks you through enabling and testing DoH, plus tips and troubleshooting.

Prerequisites

  • Windows 11, or Windows 10 with a recent update that includes DoH support (Windows 10 21H2+ is recommended). If your Windows 10 build doesn’t include system DoH settings, see the “Alternate (browser-level) option” below.
  • Administrative rights to change network settings.
  • A DoH‑capable DNS provider (examples below).
  • Network connectivity and basic familiarity with Settings and Command Prompt/PowerShell.
Supported public DoH providers (examples)

Step-by-step instructions (Windows 11)

  1. Open Settings (Win + I).
  2. Click Network & internet.
  3. Select Wi‑Fi or Ethernet depending on your connection.
  4. Click the name of the network / the adapter (e.g., “Wi‑Fi” → your SSID, or “Ethernet” → your adapter).
  5. Under “DNS server assignment” click Edit.
  6. Change from “Automatic (DHCP)” to Manual.
  7. Enable IPv4 (or IPv6 if you use it), enter the Preferred and Alternate DNS addresses (e.g., 1.1.1.1 and 1.0.0.1 for Cloudflare).
  8. For Encryption, select “Encrypted only (DNS over HTTPS)” or “Encrypted, if available” (wording may vary by build). If prompted for a provider choice:
  9. Click Save, then close Settings.
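
The same configuration can be scripted. The following is an added example, not part of the original tutorial. It assumes Windows 11 or Server 2022+ (where the DnsClient DoH cmdlets exist), an elevated PowerShell session, an adapter named "Wi-Fi", and Cloudflare's published DoH template URL, which this page does not list.

```powershell
#Requires -RunAsAdministrator
# Assumptions: adapter alias 'Wi-Fi'; Cloudflare resolver addresses from step 7;
# the template URL is Cloudflare's published DoH endpoint (not given on this page).
$alias    = 'Wi-Fi'
$servers  = '1.1.1.1', '1.0.0.1'
$template = 'https://cloudflare-dns.com/dns-query'

foreach ($ip in $servers) {
    $doh = @{
        ServerAddress      = $ip
        DohTemplate        = $template
        AutoUpgrade        = $true    # use DoH whenever this server is configured
        AllowFallbackToUdp = $false   # fail closed instead of dropping to plaintext
    }
    # Windows keeps a table of known DoH servers; update an existing entry
    # rather than trying to add a second one for the same address.
    if (Get-DnsClientDohServerAddress -ServerAddress $ip -ErrorAction SilentlyContinue) {
        Set-DnsClientDohServerAddress @doh
    } else {
        Add-DnsClientDohServerAddress @doh
    }
}

# Point the adapter at the resolvers and drop cached answers.
Set-DnsClientServerAddress -InterfaceAlias $alias -ServerAddresses $servers
Clear-DnsClientCache   # PowerShell counterpart of ipconfig /flushdns

# Show the resulting DoH policy for the two servers.
Get-DnsClientDohServerAddress -ServerAddress $servers |
    Format-Table ServerAddress, DohTemplate, AutoUpgrade, AllowFallbackToUdp
```

With AllowFallbackToUdp set to $false, name resolution stops working if the DoH endpoint is unreachable, which is the behaviour of "Encrypted only"; set it to $true for the "Encrypted, if available" behaviour.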

Step-by-step instructions (Windows 10 — GUI if available)

  1. Open Settings > Network & Internet.
  2. Select Ethernet or Wi‑Fi, then click the adapter or network name.
  3. Look for a DNS server assignment Edit button (this appears on recent builds).
  4. If available, switch to Manual, enter DNS addresses, and set encryption options as on Windows 11.
  5. If your Windows 10 build does not show these options, see “Alternate (browser-level) option” below or consider upgrading to a newer build/Windows 11.

Alternate: Configure DNS server addresses with netsh (all Windows)

Setting DNS server addresses points your system at a resolver that offers DoH, but it does not guarantee Windows will use DoH system‑wide unless the OS supports it. Use this if you only have an older Windows 10 build or prefer the command line:
  1. Open an elevated Command Prompt (Run as Administrator).
  2. Set DNS for Wi‑Fi (example for Cloudflare):
    • netsh interface ip set dns name="Wi-Fi" source=static addr=1.1.1.1
    • netsh interface ip add dns name="Wi-Fi" addr=1.0.0.1 index=2
  3. Or for Ethernet: replace "Wi-Fi" with "Ethernet".
  4. Flush DNS cache: ipconfig /flushdns
    Note: If the OS doesn’t support system DoH, you can still enable DoH in browsers (below).

Enable DoH in browsers (if system DoH unavailable)

  • Chrome: Settings > Privacy and security > Security > Use secure DNS. Choose a provider or enter a custom DoH template.
  • Firefox: Options > General > Network Settings > Settings… > Enable DNS over HTTPS, then pick a provider or custom URL.
  • Edge: Settings > Privacy, search, and services > Security > Use secure DNS.

Testing and verification

  1. After changes, flush cache: ipconfig /flushdns
  2. Visit Cloudflare’s check page in a browser (1.1.1.1); it reports whether your browser or system is using DNS over HTTPS.
  3. Use DNS leak test pages (dnsleaktest.com) to see which resolver responds.
  4. For system-level logs: Event Viewer > Applications and Services Logs > Microsoft > Windows > DNS‑Client (Operational) can show DNS events on modern builds.
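
A local check that does not depend on a third-party test page, as an added example that is not part of the original tutorial. It assumes Windows 11 or Server 2022+ and an elevated PowerShell session; the live-session column is a heuristic that looks for an HTTPS connection from the DNS Client service to each configured resolver, and `example.com` is only a test name.

```powershell
# Assumptions: Windows 11 / Server 2022+, elevated session; 'example.com' is a test name.
$doh = @{}
Get-DnsClientDohServerAddress | ForEach-Object { $doh[$_.ServerAddress] = $_ }

# PID of the DNS Client service, so HTTPS sessions opened by browsers are not counted.
$dnsPid = (Get-CimInstance Win32_Service -Filter "Name='Dnscache'").ProcessId

# Force a fresh lookup through the system resolver.
Clear-DnsClientCache
$null = Resolve-DnsName example.com -ErrorAction SilentlyContinue

$report = foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
    $addrs = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex).ServerAddresses |
        Select-Object -Unique
    foreach ($ip in $addrs) {
        $entry = $doh[$ip]
        if (-not $entry) {
            $policy = 'no DoH template: plaintext'
        } elseif ($entry.AutoUpgrade -and -not $entry.AllowFallbackToUdp) {
            $policy = 'DoH only'
        } elseif ($entry.AutoUpgrade) {
            $policy = 'DoH, UDP fallback allowed'
        } else {
            # Global auto-upgrade is off; the per-adapter Encryption setting decides.
            $policy = 'template known; check adapter Encryption setting'
        }
        # An established TCP/443 session from the DNS Client service to the resolver.
        $live = Get-NetTCPConnection -RemoteAddress $ip -RemotePort 443 -State Established `
            -ErrorAction SilentlyContinue | Where-Object OwningProcess -eq $dnsPid
        [pscustomobject]@{
            Adapter    = $nic.Name
            Server     = $ip
            Policy     = $policy
            DohSession = [bool]$live
        }
    }
}
$report | Format-Table -AutoSize

# Step 4 above: the operational channel records events only while it is enabled.
Get-WinEvent -ListLog 'Microsoft-Windows-DNS-Client/Operational' |
    Select-Object LogName, IsEnabled, RecordCount
```

A resolver reported as "no DoH template: plaintext" on an active adapter is the case to fix first, since Windows has no HTTPS endpoint to use for that address.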

Tips, warnings, and troubleshooting

  • Tip: Use a reputable DoH provider — while DoH hides DNS from your local network, your chosen resolver can still see (and log) your queries. Review provider privacy policies.
  • Warning: On domain‑joined (work) machines, corporate policies or Group Policy may manage DNS — do not override without IT approval.
  • Note: Some parental‑control or local network filtering solutions rely on local DNS. DoH may bypass those filters unless implemented at the resolver level (e.g., Quad9 parental).
  • If DoH isn’t taking effect:
    • Verify you entered the correct DoH template (if using Custom).
    • Ensure no firewall or security product is intercepting HTTPS/DNS traffic.
    • Reboot or disable other DNS‑configuring apps (VPN clients, security suites) temporarily to test.
  • If you lose network access after changing DNS, revert to “Automatic (DHCP)” or use known working IPs.
  • VPNs: Many VPN services override DNS; DoH behavior may change while the VPN is active.

Conclusion

Enabling DNS over HTTPS in Windows 11 (and supported Windows 10 builds) gives you an extra privacy layer by encrypting DNS queries that were historically in clear text. If your Windows build doesn’t yet support system DoH, you can still get much of the benefit by configuring DoH in your browser or by pointing your system to a trusted resolver and updating when a system update adds native DoH support. Remember to pick a reputable provider, check how DoH interacts with corporate or parental controls, and test after configuring.
Key Takeaways:
  • DoH encrypts DNS lookups, improving privacy and preventing on‑network snooping.
  • Windows 11 includes easy Settings UI to enable encrypted DNS; recent Windows 10 builds may also have it.
  • If system support is not available, use browser DoH or set DNS server addresses and test.
  • Choose reputable DoH providers and be mindful of corporate policies and parental controls.

This tutorial was generated to help WindowsForum.com users get the most out of their Windows experience.