How to enable DNS over HTTPS or DoH in Windows – Guide to enabling DNS over HTTPS (DoH) in Windows 11: how to protect privacy while browsing.
Fortunately, the HTTPS protocol is generally used when surfing the web and exchanging data with remote servers: this means that all data sent and received over the network is encrypted and can never be monitored, read or modified by third parties (so-called man-in-the-middle or MITM attacks are not possible).
By using data packet sniffing software, third parties can only know that one or more HTTPS communications are in progress to and from the user's device, but their content cannot be accessed.
Although most websites have completed the migration to HTTPS, a "gray area" has remained: the resolution of domain names via DNS usually takes place in the clear, without any form of cryptographic protection.
Third parties using the packet sniffing solutions mentioned above can, for example, determine which sites a user is visiting.
DNS over HTTPS (DoH) is a protocol created to protect user privacy: by using DNS servers that support DoH, domain name resolution requests (and the corresponding responses) also travel encrypted over the network, preventing any monitoring activity.
While DoH is positively received by end users, the same cannot be said for some companies and for certain telecommunications providers (especially foreign ones), which also do business by noting which sites subscribers visit.
Support for DoH in the main web browsers has been criticized in the past by numerous parties, and several US providers (who use users' browsing data for marketing purposes) have filed a complaint with the United States Congress, to which Mozilla responded harshly.
While, as we said previously, several browsers have already embraced support for DNS over HTTPS and allow its use directly from their respective interfaces, until now Windows had not allowed DoH to be activated at the operating system level.
How to activate DoH in Windows 11
Windows 11 was the first version of the Microsoft operating system to allow system-wide DoH activation.
This means that by configuring a DNS server that supports DoH and activating encryption, all domain name resolution requests are encrypted regardless of the configuration of the individual browsers installed.
Furthermore, activating DoH on the system also encrypts DNS requests sent over the network by any other installed application.
To activate DoH in Windows 11, just press Windows + I, then click on Network and Internet in the left column and finally on Properties, regardless of whether you are using a WiFi connection or an Ethernet connection (cable).
Scroll through the contents of the window and click on Edit next to DNS Assignment, select Manual, then activate IPv4 or IPv6 depending on whether the DNS server with DoH support is reached through an IPv4 or an IPv6 address.
In the Preferred DNS and Alternate DNS fields you must enter the addresses of the chosen DNS servers.
Both the Preferred DNS Encryption and Alternate DNS Encryption drop-down menus must be set to Encrypted Only (DNS over HTTPS).
On some systems the drop-down menu for choosing encryption does not appear.
In these cases, press Windows + R, type ncpa.cpl, then double-click on the WiFi or Ethernet network interface in use.
After clicking the Properties button, select Internet Protocol version 4 (TCP/IPv4) or Internet Protocol version 6 (TCP/IPv6), then press Properties again.
After selecting Use the following DNS server addresses, specify the IPs of the DNS servers with DoH support in the Preferred DNS server and Alternate DNS server boxes. In the example we have set up Cloudflare's DNS servers.
After clicking OK, Close, Close, press Windows + I again, select Network and Internet and click Properties again at the top.
This time the Network & Internet window will show the red message "DNS settings for all WiFi networks have been configured. The following settings will not be used".
Click on Change DNS settings for all WiFi networks, then on Change next to DNS server assignment.
You can finally choose Encrypted only (DNS over HTTPS) for both the preferred DNS and the alternate DNS, as seen above.
Windows 11 contains a list of DNS servers that support DoH
Windows is not currently able to verify whether a DNS server actually supports DoH: this ability may be added in the future, but it is not planned for the moment.
The Microsoft operating system nevertheless contains a list of public IPv4 and IPv6 addresses of DNS servers that have DoH support.
To check this, just open a PowerShell window: press Windows + X, then choose Windows PowerShell in Windows 10 or Windows Terminal in Windows 11.
Typing Get-DnsClientDohServerAddress returns the list of DNS servers with DoH support that Windows knows.
By opening a PowerShell window with administrator rights and running the following command, you can add other DoH DNS servers to the list:
Add-DnsClientDohServerAddress -ServerAddress 'ip-address' -DohTemplate 'template-DoH'
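The following read-only audit is an added example, not part of the original guide: it compares the DNS servers configured on each active network adapter with the DoH list returned by Get-DnsClientDohServerAddress, so you can see which resolvers Windows has no DoH template for. It assumes Windows 11 with the built-in DnsClient and NetAdapter modules; the column names in the report are our own choice.

```powershell
# Added example: list every configured DNS server and whether Windows
# knows a DoH template for it. Read-only; changes no setting.

# Index the DoH servers known to Windows by IP address.
$dohByAddress = @{}
foreach ($entry in Get-DnsClientDohServerAddress) {
    $dohByAddress[$entry.ServerAddress] = $entry
}

# Walk the DNS servers configured on every adapter that is currently up.
$report = foreach ($adapter in Get-NetAdapter | Where-Object Status -eq 'Up') {
    $configs = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex
    foreach ($config in $configs) {
        foreach ($server in $config.ServerAddresses) {
            $known = $dohByAddress[$server]
            [pscustomobject]@{
                Interface     = $adapter.Name
                DnsServer     = $server
                # No entry means Windows has no DoH template for this server.
                DohTemplate   = if ($known) { $known.DohTemplate } else { '(not in DoH list)' }
                # True means queries may fall back to unencrypted DNS.
                FallbackToUdp = if ($known) { $known.AllowFallbackToUdp } else { $null }
                AutoUpgrade   = if ($known) { $known.AutoUpgrade } else { $null }
            }
        }
    }
}

# Servers missing from the list are the ones to register with
# Add-DnsClientDohServerAddress (or to replace with a listed resolver).
$report | Sort-Object Interface, DnsServer | Format-Table -AutoSize
```

A resolver handed out by the router through DHCP (typically a private address) will normally show up as "(not in DoH list)", which is a quick way to spot interfaces still resolving names in the clear.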
Note on activating DoH in Windows 10
In the past, Microsoft had confirmed the arrival of DoH with the launch of Windows 10 21H2. In reality, at least based on the tests we carried out starting from the ISO image published on Microsoft servers, Windows 10 21H2 still does not allow DoH to be activated through its interface.
Not even the modification made from a command prompt opened with administrator rights (valid in Windows Insider build 19628 and later versions) allows you to force DoH activation in Windows 10 21H2:
reg add HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters /v EnableAutoDoh /t REG_DWORD /d 2