January 23, 2022

Tips on how to Allow DNS Over HTTPS on Home windows 11

A photo of Ethernet cables plugged into a network switch.

For improved on-line privateness and safety, Home windows 11 helps you to use DNS over HTTPS (DoH) to encrypt the DNS requests your laptop makes whilst you browse or do the rest on-line. Right here’s learn how to set it up.

Encrypted DNS Is Extra Non-public and Safe

Each time you go to a web site utilizing a site title (reminiscent of “google.com,” for instance), your laptop sends a request to a Domain Name System (DNS) server. The DNS server takes the area title and appears up the matching IP handle from a listing. It sends the IP handle again to your laptop, which your laptop then makes use of to connect with the positioning.

This area title fetching course of historically occurred unencrypted on the community. Any level in between may intercept the domains of the websites you might be visiting. With DNS over HTTPS, also referred to as DoH, the communications between your laptop and a DoH-enabled DNS server are encrypted. Nobody can intercept your DNS requests to eavesdrop on the addresses you’re visiting or tamper with the responses from the DNS server.

First, Select a Supported Free DNS Service

As of Home windows 11’s launch, DNS over HTTPS in Home windows 11 solely works with a sure hard-coded checklist of free DNS services (you possibly can see the checklist your self by operating netsh dns present encryption in a Terminal window).

Right here’s the present checklist of supported IPv4 DNS service addresses as of November 2021:

  • Google DNS Main:
  • Google DNS Secondary:
  • Cloudflare DNS Main:
  • Cloudflare DNS Secondary:
  • Quad9 DNS Main:
  • Quad9 DNS Secondary:

For IPv6, right here is the  checklist of supported DNS service addresses:

  • Google DNS Main: 2001:4860:4860::8888
  • Google DNS Secondary: 2001:4860:4860::8844
  • Cloudflare DNS Main: 2606:4700:4700::1111
  • Cloudflare DNS Secondary: 2606:4700:4700::1001
  • Quad9 DNS Main: 2620:fe::fe
  • Quad9 DNS Secondary: 2620:fe::fe:9

When it comes time to allow DoH within the part beneath, you’ll want to decide on two pairs of those DNS servers—main and secondary for IPv4 and IPv6—to make use of along with your Home windows 11 PC. As a bonus, utilizing these will very doubtless speed up your web looking expertise.

RELATED: Why You Shouldn’t Use Your ISP’s Default DNS Server

Subsequent, Allow DNS over HTTPS in Home windows 11

To get began establishing DNS over HTTPS, open the Settings app by urgent Home windows+i in your keyboard. Or you possibly can right-click the Begin button and choose “Settings” within the particular menu that seems.

In Windows 11, right-click the Start button and select "Settings."

In Settings, click on “Community & Web” within the sidebar.

In Windows 11 Settings, click "Network & Internet."

In Community & Web settings, click on the title of your main web connection within the checklist, reminiscent of “Wi-Fi” or “Ethernet.” (Don’t click on “Properties” close to the highest of the window—that received’t allow you to encrypt your DNS connections.)

In Network & Internet settings, click the name of your primary network connection in the list.

On the community connection’s properties web page, choose “{Hardware} Properties.”

Select "Hardware Properties."

On the Wi-Fi or Ethernet {hardware} properties web page, find the “DNS Server Project” possibility and click on the “Edit” button beside it.

Click "Edit."

Within the window that pops up, use the drop-down menu to pick out “Handbook” DNS settings. Then flip the “IPv4” change to the “On” place.

Set the drop-down box to "Manual" and turn "IPv4" to "On."

Within the IPv4 part, enter the first DNS server handle you selected from the section above within the “Most well-liked DNS” field (reminiscent of “”). Equally, enter the secondary DNS server handle within the “Alternate DNS” field (reminiscent of “”).

Tip: Should you don’t see the DNS encryption choices, then you definately’re enhancing the DNS settings on your Wi-Fi SSID. Ensure you choose the connection kind in Settings > Community & Web, then click on “{Hardware} Properties” first.

Enter your DNS server addresses.

In the identical window, set “Most well-liked DNS Encryption” and “Alternate DNS Encryption” to “Encrypted Solely (DNS over HTTPS)” utilizing the drop-down bins beneath the DNS addresses you entered within the final step.

Set the DNS servers to "Encrypted Only."

After that, repeat this course of with IPv6.

Flip the IPv6 change to the “On” place, after which copy a main IPv6 handle within the section above and paste it into the “Most well-liked DNS” field. Subsequent, copy an identical secondary IPv6 handle and paste it into the “Alternate DNS” field.

After that, set each “DNS encryption” settings to “Encrypted Solely (DNS over HTTPS).” Lastly, click on “Save.”

Add new DNS servers for IPv6 and click "Save."

Again on the Wi-Fi or Ethernet {hardware} properties web page, you’ll see your DNS servers listed with an “(Encrypted)” beside every one in every of them.

You'll see "(Encrypted)" beside the DNS server names.

That’s all you want to do. Shut the Settings app, and also you’re able to go. Any more, all your DNS requests can be non-public and safe. Comfortable looking!

Be aware: Should you expertise community issues after altering these settings, remember to verify that you simply entered the IP addresses appropriately. A mistyped IP handle would consequence within the DNS servers being unreachable. If the addresses seem like typed appropriately, strive disabling the “IPv6” change within the DNS servers checklist. Should you configure IPv6 DNS servers on a pc with out IPv6 connectivity, this might trigger connectivity points.