- The new DNS over HTTPS feature in Windows 11 was implemented to help encrypt your communication.
- You can turn on the new feature from the Edit DNS server assignment option.
- Microsoft recognizes only a few DoH servers, and they could become overcrowded.
- For IT admins it's important to know that they can set up the new feature from Group Policy.
Windows 11 has a new feature called DNS over HTTPS that you can use to perform encrypted DNS lookups to bypass certain Internet activity blockages.
In fact, a lot of governments and ISPs monitor a user’s DNS traffic to apply bans and censorship.
That’s where DNS over HTTPS steps in and goes around any of these imposed limitations.
What is DNS over HTTPS and what does it do?
When you’re browsing online and you go to a website, your PC is communicating with a DNS (domain name system) server to get the IP address of the website.
Such a DNS query can be monitored by your government or by your ISP, but if you use DNS over HTTPS (DoH), the lookup is encrypted and can no longer be inspected from outside.
You should know that if you’re using a Chromium-based browser like Chrome, Edge, or Opera, or Firefox, you already have support for DoH.
But that will cover only the browsing activity, not the transfers from the other apps that you’re running on your PC.
By embedding that feature in the OS, you will be sure that all the DNS inquiries will be encrypted.
How can I use the DNS over HTTPS feature on Windows 11?
It’s not the first time that Microsoft has tested the DoH feature. It first appeared in the Windows 10 preview build 20185 for Windows Insiders but it was pulled back pretty fast.
Now, with Windows 11, the Redmond giant is testing the feature again. If you installed the Preview Build, you can enable it by going to Settings, selecting Network & Internet, choosing the Ethernet/Wireless option and clicking on Edit DNS server assignment.
The preferred DNS encryption option offers the following choices:
- Unencrypted only – Equivalent to an OFF feature, really
- Encrypted only (DNS over HTTPS) – Only use DoH servers
- Encrypted preferred, unencrypted allowed – If no DoH servers are available, switch to standard unencrypted DNS
What are the DNS over HTTPS servers?
As you’ve seen above, there is a tricky part to DoH encryption: the lookups have to go to a DNS server that supports DoH.
However, there are not a lot of servers that support DoH and can be used by default by Windows 11.
In fact, Microsoft provided a short list of servers that can provide the DNS-over-HTTPS feature:
- Cloudflare: 184.108.40.206 and 220.127.116.11 DNS servers
- Google: 18.104.22.168 and 22.214.171.124 DNS servers
- Quad9: 126.96.36.199 and 188.8.131.52 DNS servers
Things will get pretty crowded very soon unless a lot more of these servers become available.
But if you’re an IT manager, you can create your own DoH server definitions by running the following commands in netsh or PowerShell.
netsh dns add encryption server=[resolver-IP-address] dohtemplate=[resolver-DoH-template] autoupgrade=yes udpfallback=no
Add-DnsClientDohServerAddress -ServerAddress '[resolver-IP-address]' -DohTemplate '[resolver-DoH-template]' -AllowFallbackToUdp $False -AutoUpgrade $True
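As an added example (not from Microsoft or the original article), this PowerShell audit lists every DNS server assigned to a network interface and reports whether it has a DoH definition with UDP fallback disabled, which is what the two commands above set up. The status labels are names chosen for this example, and the script reads only the system's DoH server definitions, so it assumes a Windows build that ships the DoH cmdlets.

```powershell
# Added example: which configured DNS servers can still resolve in cleartext?
# Assumes the DnsClient module with DoH cmdlets (Windows 11 / Server 2022).

# Index the DoH server definitions by resolver IP address.
$doh = @{}
Get-DnsClientDohServerAddress | ForEach-Object { $doh[$_.ServerAddress] = $_ }

# Walk every DNS server assigned to an interface (IPv4 and IPv6).
$report = foreach ($iface in Get-DnsClientServerAddress) {
    foreach ($ip in $iface.ServerAddresses) {
        $def = $doh[$ip]   # $null when no DoH definition exists for this IP

        # Status names below are labels made up for this example.
        $status = if (-not $def) {
            'NoDohDefinition'   # Windows has no DoH template for this server
        } elseif ($def.DohTemplate -notmatch '^https://') {
            'BadTemplate'       # a DoH template must be an https:// URL
        } elseif ($def.AllowFallbackToUdp) {
            'FallbackAllowed'   # a failed DoH query may be retried unencrypted
        } elseif (-not $def.AutoUpgrade) {
            'NoAutoUpgrade'     # server is not upgraded to DoH automatically
        } else {
            'Encrypted'
        }

        [pscustomobject]@{
            Interface = $iface.InterfaceAlias
            Server    = $ip
            Template  = $def.DohTemplate
            Status    = $status
        }
    }
}

# Show the findings, weakest configurations first.
$report | Sort-Object Status, Interface | Format-Table -AutoSize

# Summarise anything that does not match autoupgrade=yes / udpfallback=no.
$weak = @($report | Where-Object { $_.Status -ne 'Encrypted' })
if ($weak.Count -gt 0) {
    Write-Warning "$($weak.Count) DNS server entries may resolve without DoH."
}
```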
Configure DoH through Group Policy
- Type group policy in Windows search and click on Edit Group Policy from the results.
- Go to the following path:
Computer Configuration/Administrative Templates/Network/DNS Client
- Look for the Configure DNS over HTTPS policy and double-click it.
- Click on Enable, then click on the drop-down menu from the Configure DoH options to select the preferred option.
Microsoft allows you to configure the DNS over HTTPS feature in Windows 11 through the group policies so use the steps above to do that.
We hope that our guide helped you understand more about DNS over HTTPS and how to set it up.