Windows 11 DNS Over HTTPS: How to Enable & Use

The DNS over HTTPS protocol encrypts DNS traffic transmissions

Reading time icon 4 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • The DNS over HTTPS feature in Windows 11 was implemented in order to help when it comes to encrypting your communication.
  • You can enable this feature by simply accessing the DNS server alignment option.
  • Microsoft acknowledged only a few DoH servers which could become overcrowded.
  • For IT admins it’s important to know that they can set up the new feature from Group Policy.
Enable DNS over HTTPS in Windows 11

Windows 11 has a new feature called DNS over HTTPS that you can use to perform encrypted DNS lookups to bypass certain Internet activity blockages.

In fact, a lot of governments and ISP monitor a user’s DNS traffic to apply bans and censorship. That’s where the DNS over HTTPS steps into place and goes around any of these imposed limitations.

What is DNS over HTTPS and what does it do?

When you’re browsing online and you go to a website, your PC is communicating with a DNS (domain name system) server to get the IP address of the website.

Well, such a DNS inquiry can be monitored by your government or even by the ISP but if you use a DNS over HTTPS (DoH) that lookup is encrypted and can no longer be interrogated from outside.

You should know that if you’re using a Chromium-based browser like Chrome, Edge, Firefox, or Opera, you already have support for DoH.

But that will cover only the browsing activity, not the transfers from the other apps that you’re running on your PC.

By embedding that feature in the OS, you will be sure that all the DNS inquiries will be encrypted.

Can I use the DNS over HTTPS feature on Windows 11?

It’s not the first time that Microsoft is testing the DoH feature. It first appeared in the Windows 10 preview build 20185 for Windows Insiders but it was pulled back pretty fast. Now, with Windows 11, the Redmond giant is taunting the feature again.

The preferred DNS encryption option offers the following choices:

  • Unencrypted only – Equivalent to an OFF feature, really
  • Encrypted only (DNS over HTTPS) – Only use DoH servers
  • Encrypted preferred, unencrypted only – If no DoH servers are available, switch to standard unencrypted DNS

What are the DNS over HTTPS servers available on Windows 11?

There is a tricky part to DoH encryption and that is that the data has to pass through a DoH server for encryption.

However, there are not a lot of servers that support DoH and can be used by default by Windows 11. In fact, Microsoft provided a short list of servers that can provide the DNS-over-HTTPS feature. Here are some popular ones:

For IPv4

  • Cloudflare: 1.1.1.1 and 1.0.0.1 DNS servers
  • Google: 8.8.8.8 and 8.8.8.4 DNS servers
  • Quad9: 9.9.9.9 and 149.112.112.112 DNS servers

For IPv6

  • Google: 2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: 2606:4700:4700::1111 and 2606:4700:4700::1001
  • Quad9: 2620:fe::fe and 2620:fe::fe:9

Things will get pretty crowded very soon unless something motivates the birth of a lot more of these.

How can I enable DNS over HTTPS on my Windows 11 device?

1. Via Internet Settings

  1. Go to Settings.
  2. Select Network & Internet.
  3. Choose the Ethernet/Wireless option.
  4. Click on Edit DNS server assignment.
  5. Select Manual from the drop-down menu.
  6. Toggle the switch for IPv4 ON.
  7. Enter a DNS address in the Preferred DNS section. You can choose one from those previously mentioned in the article.
  8. In the Preferred DNS encryption section, choose Encrypted only (DNS OVER HTTPS).
  9. Enter a DNS address in the Alternate DNS section.
  10. Change this one to Encrypted only as well.
  11. Click on Save to apply the changes.

The easiest method to use this feature is via Internet Settings. The process is simple and easy to follow, and does not impose any risk to your PC.

2. Modify the Group Policy

Microsoft allows you to configure the DNS over HTTPS feature in Windows 11 through the group policies as well.

Once you enable DoH, the DNS serversย policy can be seen in the right pane, and you can set the IP Address in line with the provider that you want to use.

1. Press the Windowsย button on your keyboard to open the Windows search box.

2. Type group policy in the search box.

3. From the results, click on Edit Group Policy.

4. Go to the following path: Computer Configuration/Administrative Templates/Network/DNS Client

5. Select Enable.

6. Click on the drop-down menu from the Configure DoH options to select the preferred option.

from the Configure DoH options to select the preferred option

Can I create custom DoH server definitions?

If you’re an IT manager, you can create your own DoH server definitions by performing the following commands in netsh or PowerShell:

Netsh command: netsh dns add encryption server=[resolver-IP-address] dohtemplate=[resolver-DoH-template] autoupgrade=yes udpfallback=no

PowerShell command: Add-DnsClientDohServerAddress -ServerAddress '[resolver-IP-address]' -DohTemplate '[resolver-DoH-template]' -AllowFallbackToUdp $False -AutoUpgrade $True

We hoped that our guide helped you understand more about DNS over HTTPS and how to set it up.

If you’re having any problems with your new Windows 11 build, check out our comprehensive guide where you will find all the current bugs and their solutions.

For more information regarding DNS, don’t miss our guide on the fastest DNS servers near you and how to find them.

What do you think about the new DNS over HTTPS feature from Windows 11? Tell us all about it in the comments section below.

More about the topics: Windows 11

User forum

0 messages