How to enable DNS over HTTPS in Windows 11

When you open a site in a browser or connect from a program, the traffic between your computer and the DNS server is not encrypted by default: the domain name is sent to the DNS server, which returns the corresponding IP address, all in the clear. The DNS over HTTPS (DoH) protocol encrypts DNS traffic so that anyone "eavesdropping" on the network cannot read your queries and work out which Internet sites you are connecting to.

This tutorial explains how to enable DNS over HTTPS in Windows 11 for the system as a whole (recent versions of individual browsers use DoH regardless of system settings), which can have a positive impact on the security of your Internet traffic.

Supported DNS servers for DNS over HTTPS in Windows 11

To enable DNS over HTTPS in Windows 11, you will need to use one of the DNS servers for which the system supports DoH. You can get a list of these servers on the command line with the command:

netsh dns show encryption

At the time of writing this article, the list of these DNS servers is as follows:

For IPv4:

  • Google primary DNS – 8.8.8.8
  • Google alternate DNS – 8.8.4.4
  • Cloudflare primary DNS – 1.1.1.1
  • Cloudflare alternate DNS – 1.0.0.1
  • Quad9 primary DNS – 9.9.9.9
  • Quad9 alternate DNS – 149.112.112.112

For IPv6:

  • Google primary DNS – 2001:4860:4860::8888
  • Google alternate DNS – 2001:4860:4860::8844
  • Cloudflare primary DNS – 2606:4700:4700::1111
  • Cloudflare alternate DNS – 2606:4700:4700::1001
  • Quad9 primary DNS – 2620:fe::fe
  • Quad9 alternate DNS – 2620:fe::fe:9

To enable DoH on Windows 11, select DNS servers from this list and use them in the configuration described below.

Configuring DNS over HTTPS in Windows 11

To enable DNS over HTTPS in Windows 11, the following steps are necessary:

  1. Open Settings: this can be done with the Win+I hotkey, from the Start menu, or from the Start button context menu.
  2. Open the “Network & internet” section and, within it, the Wi-Fi or Ethernet item, depending on the connection for which you want to enable DoH.
  3. If a Wi-Fi connection was selected, click “Hardware properties” on the next screen; for Ethernet, go directly to the next step.
  4. Click “Edit” next to “DNS server assignment”.
  5. If the DNS setting is set to “Automatic (DHCP)”, change it to “Manual”.
  6. Enable the IPv4 option and enter two DNS servers (preferred and alternate) for IPv4 from the list above, for example 8.8.8.8 and 8.8.4.4.
  7. Select “Encrypted only (DNS over HTTPS)” in the “Preferred DNS encryption” field, and specify the same value in the “Alternate DNS encryption” field.
  8. Repeat the same steps for IPv6, using the corresponding IPv6 DNS servers.
  9. Save the settings.
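The same configuration can be done from an elevated PowerShell session, which is useful when you need to repeat it on several machines or verify what the Settings app actually applied. The script below is an added example written for this article, not code from Microsoft or from the original page. It first reads the list of DoH-capable resolvers from the section above (the PowerShell equivalent of netsh dns show encryption), refuses to proceed if a chosen server is not on that list (such a server would silently fall back to plaintext UDP port 53), then assigns the servers to the adapter and marks them "encrypted only". The adapter alias "Ethernet" and the Cloudflare addresses are assumptions to adapt to your system; the AutoUpgrade and AllowFallbackToUdp semantics are taken from the documentation of the Set-DnsClientDohServerAddress cmdlet.

```powershell
# Added example (not part of the original article): configure a Windows 11
# network adapter to use DoH-capable resolvers and verify the result.
# Assumptions: elevated PowerShell 5.1 or 7 on Windows 11; the adapter alias
# "Ethernet" and the Cloudflare addresses below are placeholders to adapt.
#Requires -RunAsAdministrator

$InterfaceAlias = 'Ethernet'                                   # see Get-NetAdapter for your alias
$IPv4Servers    = @('1.1.1.1', '1.0.0.1')                      # Cloudflare, from the supported list
$IPv6Servers    = @('2606:4700:4700::1111', '2606:4700:4700::1001')
$Wanted         = $IPv4Servers + $IPv6Servers

# 1. Resolvers Windows knows how to upgrade to DoH: the same data that
#    "netsh dns show encryption" prints. Only these addresses get the
#    "Encrypted only (DNS over HTTPS)" choice in the Settings app.
$dohCapable = Get-DnsClientDohServerAddress
$dohCapable | Format-Table ServerAddress, DohTemplate, AllowFallbackToUdp, AutoUpgrade -AutoSize

# 2. Stop if any chosen server has no DoH template on this system.
$missing = $Wanted | Where-Object { $_ -notin $dohCapable.ServerAddress }
if ($missing) {
    throw "Not DoH-capable on this system, would fall back to plaintext: $($missing -join ', ')"
}

# 3. Assign the servers to the adapter (steps 5, 6 and 8 of the tutorial).
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $Wanted

# 4. Mark each resolver "encrypted only" (step 7): AutoUpgrade makes the DNS
#    client use the DoH template whenever this address is configured, and
#    disabling UDP fallback refuses unencrypted queries if DoH fails.
foreach ($server in $Wanted) {
    Set-DnsClientDohServerAddress -ServerAddress $server -AutoUpgrade $true -AllowFallbackToUdp $false
}

# 5. Verify: the adapter's configured servers per address family, and one
#    resolution through the system resolver to confirm DNS still works.
Clear-DnsClientCache
Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, AddressFamily, ServerAddresses -AutoSize
Resolve-DnsName -Name 'example.com' -Type A | Format-Table Name, IPAddress -AutoSize
```

If step 2 throws, the offending address is not in the system's DoH list and should be replaced with one from the section above. A packet capture filtered on UDP and TCP port 53 leaving the machine is the definitive check that the upgrade took effect: after a successful configuration, only HTTPS traffic to the resolver should remain.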

This enables DoH, and all DNS queries from the system will be sent in encrypted form.

If you have trouble opening websites after enabling DNS over HTTPS, and everything has been entered correctly, you can try the following:

  • Turn off the manually defined DNS servers for IPv6
  • Set “Encrypted preferred, unencrypted allowed” in the “Preferred DNS encryption” field of the DNS server settings