How to enable DNS over HTTPS or DoH in Windows
Guide to enabling DNS over HTTPS (DoH) in Windows 11: how to protect privacy while browsing.
Fortunately, the HTTPS protocol is now generally used when surfing the web and exchanging data with remote servers: all data sent and received over the network is encrypted, so third parties cannot monitor, read or modify it (the so-called man-in-the-middle or MITM attacks are not possible).
By using packet sniffing software, third parties can only learn that one or more HTTPS communications are in progress to and from the user's device; they cannot access the content.
The migration of most websites to HTTPS has in fact been completed; however, a "gray area" remains: domain name resolution via DNS usually takes place in the clear, without any form of cryptographic protection.
Third parties using the packet sniffing tools mentioned above can, for example, determine which sites a user is visiting.
DNS over HTTPS (DoH) is a protocol created to protect user privacy: with DNS servers that support DoH, domain name resolution requests (and the corresponding responses) also travel encrypted over the network, preventing this monitoring activity.
While DoH is welcomed by end users, the same cannot be said for some companies and certain telecommunications providers (especially foreign ones), which also do business by recording which sites their subscribers visit.
Support for DoH in the main web browsers has been criticized in the past by numerous parties, and several US providers (who use users' browsing data for marketing purposes) filed a complaint with the United States Congress, to which Mozilla responded harshly.
Although, as noted above, several browsers already support DNS over HTTPS and allow it to be enabled directly from their own interface, Windows had so far not allowed DoH to be activated at the operating system level.
How to activate DoH in Windows 11
Windows 11 was the first version of the Microsoft operating system to allow system-wide DoH activation.
This means that by configuring a DNS server that supports DoH and activating encryption, all domain name resolution requests are encrypted regardless of the configuration of the individual browsers installed.
Furthermore, activating DoH on the system also encrypts DNS requests sent over the network by any other installed application.
To activate DoH in Windows 11, press Windows + I, click Network and Internet in the left column and then Properties, regardless of whether you are using a WiFi connection or an Ethernet (cable) connection.
Scroll through the contents of the window and click Edit next to DNS Assignment, select Manual, then activate IPv4 or IPv6 depending on whether the DNS server with DoH support that you are using has an IPv4 or IPv6 address.
In the Preferred DNS and Alternate DNS fields, enter the addresses of the chosen DNS servers.
Both the Preferred DNS encryption and Alternate DNS encryption drop-down menus must be set to Encrypted only (DNS over HTTPS).
On some systems the drop-down menu for choosing encryption does not appear.
In these cases, press Windows + R, type ncpa.cpl, then double-click the WiFi or Ethernet network interface in use.
Click the Properties button, select Internet Protocol version 4 (TCP/IPv4) or Internet Protocol version 6 (TCP/IPv6), then press Properties again.
After selecting Use the following DNS server addresses, specify the IPs of the DNS servers with DoH support in the Preferred DNS server and Alternate DNS server boxes. In the example we have set up Cloudflare's DNS servers.
After clicking OK, Close, Close, press Windows + I again, select Network and Internet and click Properties again at the top.
This time the Network & Internet window will show the red message "DNS settings for all WiFi networks have been configured. The following settings will not be used".
Click Change DNS settings for all WiFi networks, then Change next to DNS server assignment.
You can finally choose Encrypted only (DNS over HTTPS) for both the preferred DNS and the alternate DNS, as seen above.
Windows 11 contains a list of DNS servers that support DoH
Windows is not currently able to verify whether a DNS server actually supports DoH: this ability may be added in the future, but it is not planned for the moment.
The Microsoft operating system nevertheless contains a list of public IPv4 and IPv6 addresses of DNS servers that have DoH support.
To check this, just open a PowerShell window: press Windows + X then choose Windows PowerShell in Windows 10 or Windows Terminal in Windows 11.
Typing Get-DnsClientDohServerAddress returns the list of DNS servers with DoH support that Windows knows.
By opening a PowerShell window with administrator rights and running the following command, you can add other DoH DNS servers to the list:
Add-DnsClientDohServerAddress -ServerAddress '<ip-address>' -DohTemplate '<DoH-template>'
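Since Windows does not verify DoH support by itself, it helps to check which of the DNS servers actually configured on each interface appear in the list above. The following script is an added example, not part of the original guide: it is read-only, and the function name Get-DohCoverage and the report column names are assumptions chosen for this example.

```powershell
# Added example: read-only audit, makes no changes to the system.
# Get-DohCoverage and its report columns are names chosen for this example.
function Get-DohCoverage {
    param(
        # Entries as returned by Get-DnsClientDohServerAddress
        [object[]] $KnownDoh = @(),
        # Entries as returned by Get-DnsClientServerAddress
        [object[]] $Configured = @()
    )
    # Index known DoH servers by normalized IP so IPv6 spellings compare equal
    $index = @{}
    foreach ($entry in $KnownDoh) {
        $key = [System.Net.IPAddress]::Parse($entry.ServerAddress).ToString()
        $index[$key] = $entry
    }
    foreach ($nic in $Configured) {
        foreach ($ip in $nic.ServerAddresses) {
            $key = [System.Net.IPAddress]::Parse($ip).ToString()
            $hit = $index[$key]
            [pscustomobject]@{
                Interface     = $nic.InterfaceAlias
                DnsServer     = $ip
                InDohList     = [bool]$hit
                DohTemplate   = if ($hit) { $hit.DohTemplate }
                # True means queries may fall back to unencrypted DNS
                FallbackToUdp = if ($hit) { $hit.AllowFallbackToUdp }
            }
        }
    }
}

# Collect the current state of this machine
$known      = Get-DnsClientDohServerAddress
$configured = Get-DnsClientServerAddress | Where-Object ServerAddresses

$report = Get-DohCoverage -KnownDoh $known -Configured $configured
$report | Sort-Object Interface, DnsServer | Format-Table -AutoSize

# Configured resolvers for which Windows has no DoH template
$report | Where-Object { -not $_.InDohList } |
    Select-Object -Unique DnsServer
```

A server reported with InDohList set to False is one for which Windows has no DoH template; it would first have to be added with Add-DnsClientDohServerAddress as shown above.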
Note on activating DoH in Windows 10
In the past, Microsoft had confirmed the arrival of DoH with the launch of Windows 10 21H2. In reality, at least based on the tests we carried out starting from the ISO image published on Microsoft servers, Windows 10 21H2 still does not allow DoH to be activated through its interface.
Not even the modification made from a command prompt opened with administrator rights (valid in Windows Insider build 19628 and later versions) allows you to force DoH activation in Windows 10 21H2 (reg add HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters /v EnableAutoDoh /t REG_DWORD /d 2).