Network and Internet Enable DNS over HTTPS (DoH) in Windows 11


  • Staff
DNS_banner.png

This tutorial will show you how to change your DNS Server address and enable DNS over HTTPS (DoH) in Windows 11.

A DNS (Domain Name System) server is the service that makes it possible for you to open a web browser, type a domain name and load your favorite websites.

DNS over HTTPS (DoH), or Secure DNS, is a protocol for performing remote Domain Name System resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.

References:
techcommunity.microsoft.com

Windows Insiders gain new DNS over HTTPS controls

A recap of the new ways Insiders can configure the use of DNS over HTTPS on Windows
techcommunity.microsoft.com
techcommunity.microsoft.com

Making DoH Discoverable: Introducing DDR

Discovery of Designated Resolvers (DDR) is available to Windows Insiders to dynamically discover DoH configurations
techcommunity.microsoft.com


You must be signed in as an administrator to change the DNS server address and enable DoH.




Here's How:

1 Open Settings (Win+I).

2 Click/tap on Network & internet on the left side. (see screenshot below)


DOH-1.png

3 Do step 4 (current), step 5 (specific), or step 6 (all Wi-Fi) below for which network connection or adapter you want to enable DoH for.

4 Enable DNS over HTTPS (DoH) for a Current Network Connection

This will be for a network connection you are currently connected to.


A) Click/tap on Properties of the connected network you want to enable DoH for at the top on the right side. (see screenshot below)​

Current_DOH-1.png

B) Click/tap on the Ethernet or Wi-Fi connection you want to enable DoH for to expand it open. (see screenshots below)​

Current_DOH-2.png
Current_DOH-3.png

C) Click/tap on the Edit button under DNS server assignment on the right side, and go to step 7. (see screenshots below)​

If you have a The DNS settings for all Wi-Fi networks have been set. The settings below won't be saved. type message, then it means you used step 6 that overrides this setting. You can click/tap on the Change DNS settings for all Wi-Fi networks link instead, and then click/tap on the Edit button in step 6.


DoH-2.png
DoH-5.png

5 Enable DNS over HTTPS (DoH) for Specific Network Connection

This will be for a network connection you do not have to be currently connected to.


A) Click/tap on Wi-Fi or Ethernet for the type of network connection you want to enable DoH for. (see screenshot below)​

Specific_DOH-1.png

B) Perform one of the following actions: (see screenshots below)​
  • For Ethernet, click/tap on the connection you want to enable DoH for to expand it open.
  • For Wi-Fi, click/tap on Manage known networks, and click/tap on the known Wi-Fi network connection you want to enable DoH for.
Current_DOH-2.png
Specific_DOH-2.png
Specific_DOH-3.png

C) Click/tap on the Edit button under DNS server assignment on the right side, and go to step 7. (see screenshots below)​

If you have a The DNS settings for all Wi-Fi networks have been set. The settings below won't be saved. type message, then it means you used step 6 that overrides this setting. You can click/tap on the Change DNS settings for all Wi-Fi networks link instead, and then click/tap on the Edit button in step 6.


DoH-2.png
DoH-5.png

6 Enable DNS over HTTPS (DoH) for Wi-Fi Network Adapter

This will include all connections you make from the selected Wi-Fi network adapter.

This will override what is set for a network connection in step 4 and/or step 5.


A) Click/tap on Wi-Fi. (see screenshot below)​

All_DOH-1.png

B) Click/tap on Hardware properties. (see screenshot below)​

All_DOH-2.png

C) Click/tap on the Edit button under DNS server assignment on the right side, and go to step 7. (see screenshot below)​

All_DOH-3.png

7 Select Manual in the drop menu at the top. (see screenshots below step 11)

8 Enable DoH for IPv4

A) Turn on IPv4. (see screenshots below step 11)

B) Type a Preferred DNS you want to use that supports DoH. (see table below)

DoH DNS server​
Preferred DNS for IPv4​
Cloudflare1.1.1.1
Google Public DNS8.8.8.8
Quad99.9.9.9

C) Perform one of the following actions depending on which setting is available to you:
  • If you do not have an Insider Dev build installed, select Encrypted only (DNS over HTTPS) from the Preferred DNS encryption drop menu under IPv4.
  • If you do have an Insider Dev build installed, select On (automatic template) from the DNS over HTTPS drop menu under IPv4. Leave Fallback to paintext turned off.

If you do not have a Preferred DNS encryption drop menu option to select Encrypted only (DNS over HTTPS), then close Settings, change the IPv4 DNS address for this connected network adapter in the Control Panel, and start over at step 1.

You will now have the red The DNS settings for all Wi-Fi networks have been set. The settings below won't be saved. message at step 3.


D) Type an Alternate DNS you want to use that supports DoH. (see table below)

DoH DNS server​
Alternate DNS for IPv4​
Cloudflare1.0.0.1
Google Public DNS8.8.4.4
Quad9149.112.112.112

E) Perform one of the following actions depending on which setting is available to you:
  • If you do not have an Insider Dev build installed, select Encrypted only (DNS over HTTPS) from the Preferred DNS encryption drop menu under IPv4.
  • If you do have an Insider Dev build installed, select On (automatic template) from the DNS over HTTPS drop menu under IPv4. Leave Fallback to paintext turned off.

If you do not have a Alternate DNS encryption drop menu option to select Encrypted only (DNS over HTTPS), then close Settings, change the IPv4 DNS address for this connected network adapter in the Control Panel, and start over at step 1.

You will now have the red The DNS settings for all Wi-Fi networks have been set. The settings below won't be saved. message at step 3.



9 Enable DoH for IPv6

A) Turn on IPv6. (see screenshots below step 11)

B) Type a Preferred DNS you want to use that supports DoH. (see table below)

DoH DNS server​
Preferred DNS for IPv6​
Cloudflare2606:4700:4700::1111
Google Public DNS2001:4860:4860::8888
Quad92620:fe::fe

C) Perform one of the following actions depending on which setting is available to you:
  • If you do not have an Insider Dev build installed, select Encrypted only (DNS over HTTPS) from the Preferred DNS encryption drop menu under IPv6.
  • If you do have an Insider Dev build installed, select On (automatic template) from the DNS over HTTPS drop menu under IPv6. Leave Fallback to paintext turned off.

If you do not have a Preferred DNS encryption drop menu option to select Encrypted only (DNS over HTTPS), then close Settings, change the IPv6 DNS address for this connected network adapter in the Control Panel, and start over at step 1.

You will now have the red The DNS settings for all Wi-Fi networks have been set. The settings below won't be saved. message at step 3.


D) Type an Alternate DNS you want to use that supports DoH. (see table below)

DoH DNS server​
Alternate DNS for IPv6​
Cloudflare2606:4700:4700::1001
Google Public DNS2001:4860:4860::8844
Quad92620:fe:::9

E) Perform one of the following actions depending on which setting is available to you:
  • If you do not have an Insider Dev build installed, select Encrypted only (DNS over HTTPS) from the Preferred DNS encryption drop menu under IPv6.
  • If you do have an Insider Dev build installed, select On (automatic template) from the DNS over HTTPS drop menu under IPv6. Leave Fallback to paintext turned off.

If you do not have a Alternate DNS encryption drop menu option to select Encrypted only (DNS over HTTPS), then close Settings, change the IPv4 DNS address for this connected network adapter in the Control Panel, and start over at step 1.

You will now have the red The DNS settings for all Wi-Fi networks have been set. The settings below won't be saved. message at step 3.


10 When finished, click/tap on Save.

11 You can now close Settings if you like.

DoH-3.png
DoH-4.png


DoH-3B.png
DoH-4B.png



That's it,
Shawn Brink


Related Tutorials

 

Attachments

  • DNS.png
    DNS.png
    24.2 KB · Views: 282
Last edited:
Click to expand...
Why do we always "yes" the autoupgrade part?
 

My Computer

System One

  • OS
    Windows 11 Home - 22631.3447 - 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Huawei Matebook D15 Ryzen 5500U 8GB / 512 SSD, Windows 11 Home Single Language
    CPU
    Ryzen 5500U
    Keyboard
    Logitech K380, G15
    Mouse
    Logi m350, Everest SM-620, Logitech G9, Lecoo WS210
    Browser
    Chrome (Desktop), Vivaldi (Mobile)
    Antivirus
    Windows Security, (Alternative Eset)
Interesting how this has been improved over Windows 10, thats a nice UI config upgrade.

I do have a list of useful ip's for DoH for the bigger DNS providers.

ECS is related to CDN routing, where the network block is passed on from the source IP.

EDNS Client Subnet - Wikipedia

en.wikipedia.org en.wikipedia.org

Code: 
1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001 Cloudflare No Filter
1.1.1.2 1.0.0.2 2606:4700:4700::1112 2606:4700:4700::1002 Cloudflare Malware Filter
1.1.1.3 1.0.0.3 2606:4700:4700::1113 2606:4700:4700::1003 Cloudflare Malware and Family Filter
8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844 Google No Filter, Tracked, supports ECS
9.9.9.9 149.112.112.9 149.112.112.112 2620:fe::9 2620:fe::fe:9 2620:fe::fe Quad9 Malware Filter
9.9.9.10 149.112.112.10 2620:fe::10 2620:fe::fe:10 Quad9 No Filter
9.9.9.11 149.112.112.11 2620:fe::11 2620:fe::fe:11 Quad9 Malware Filter and supports ECS
9.9.9.12 149.112.112.12 2620:fe::12 2620:fe::fe:12 Quad9 No Filter, supports ECS
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    CPU
    9900k
    Motherboard
    Asrock Fatality K6 Z370
    Memory
    32 Gig 3200CL12
    Graphics Card(s)
    Nvidia 3800 RTX
    Sound Card
    Asus Xonar D2X
    Monitor(s) Displays
    LG 27GL850
    Screen Resolution
    2560x1440
    Hard Drives
    970 EVO 1TB
    860 EVO 1TB
    3 x 3TB WD Red
    2 x 4TB WD Red
    PSU
    Antec HCG 750
    Case
    Fractal Define R4
    Cooling
    Noctua NH-D15S
    Internet Speed
    80/20
    Antivirus
    Windows Defender

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 3600 & No fTPM (07/19)
    Motherboard
    MSI B450 TOMAHAWK 7C02v1E & IFX TPM (07/19)
    Memory
    4x 8GB ADATA XPG GAMMIX D10 DDR4 3200MHz CL16
    Graphics Card(s)
    MSI Radeon RX 580 ARMOR 8G OC @48FPS (08/19)
    Sound Card
    Creative Sound Blaster Z (11/16)
    Monitor(s) Displays
    24" AOC G2460VQ6 (01/19)
    Screen Resolution
    1920×1080@75Hz & FreeSync (DisplayPort)
    Hard Drives
    ADATA XPG GAMMIX S11 Pro SSD 512GB (07/19)
    PSU
    Seasonic M12II-520 80 Plus Bronze (11/16)
    Case
    Lian Li PC-7NB & 3x Noctua NF-S12A FLX@700rpm (11/16)
    Cooling
    CPU Cooler Noctua NH-U12S@700rpm (07/19)
    Keyboard
    HP Wired Desktop 320K + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    400/40 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge (No FB/Google) & Brave for YouTube & LibreWolf for FB
    Antivirus
    NoAV & Binisoft WFC & NextDNS
    Other Info
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)

My Computer

System One

  • OS
    Win10 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
    Computer type
    PC/Desktop
    Manufacturer/Model
    ۞ΞЖ†ԘΜΞ۞
    CPU
    Intel Core i9 9900K
    Motherboard
    ASUS ROG Maximus X Hero
    Memory
    32 GB Quad Kit, G.Skill Trident Z RGB Series schwarz, DDR4-3866, 18-19-19-39-2T
    Graphics Card(s)
    ASUS GeForce RTX 3090 ROG Strix O24G, 24576 MB GDDR6X
    Sound Card
    (1) HD Webcam C270 (2) NVIDIA High Definition Audio (3) Realtek High Definition Audio
    Monitor(s) Displays
    BenQ BL2711U(4K) and a hp 27vx(1080p)
    Hard Drives
    C: Samsung 960 EVO NVMe M.2 SSD
    E: & O: Libraries & OneDrive-> Samsung 850 EVO 1TB
    D: Hyper-V VM's -> Samsung PM951 Client M.2 512Gb SSD
    G: System Images -> Samsung 860 Pro 2TB
    PSU
    Corsair HX1000i High Performance ATX Power Supply 80+ Platinum
    Case
    Phanteks Enthoo Pro TG
    Cooling
    Thermaltake Floe Riing RGB TT Premium-Edition 360mm and 2x120 Phantek& Halo front, and 1x140 Phanteks
    Keyboard
    Trust GTX THURA
    Mouse
    Trust GTX 148
    Internet Speed
    25+/5+ (+usually faster)
    Browser
    Edge; Chrome;
    Antivirus
    Windows Defender of course & Malwarebytes Anti-Exploit as an added layer between browser & OS
    Other Info
    Router: FRITZ!Box 7590 AX V2
    Sound system: SHARP HT-SBW460 Dolby Atmos Soundbar
    Webcam: Logitech BRIO ULTRA HD PRO WEBCAM 4K webcam with HDR
@Cliff S This is just as a matter of interest. I still have 1.1.1.1 and 1.0.0.1 DOH settings but have enabled encrypted SNI or ESNI/ECH in Microsoft Edge. Also in Firefox.
Cloudflare test site,
Cloudflare Browser Check

1687903277700.png


Your first link in your post gives me this,

1687903431991.png


and second link gives this result,

1687903652102.png
 

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung SSD 970 EVO Plus 2TB NVMe 1.3
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
Fabler2 said:
@Cliff S This is just as a matter of interest. I still have 1.1.1.1 and 1.0.0.1 DOH settings but have enabled encrypted SNI or ESNI/ECH in Microsoft Edge. Also in Firefox.
Cloudflare test site,
Cloudflare Browser Check

View attachment 63444

Your first link in your post gives me this,

View attachment 63445

and second link gives this result,

View attachment 63446
Click to expand...
The first link works: Set up Cloudflare 1.1.1.1 resolver · Cloudflare 1.1.1.1 docs

The second link; is the template address and should not open anything to look at, as it's for query's for dns.

The third link it the test link,
 

My Computer

System One

  • OS
    Win10 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
    Computer type
    PC/Desktop
    Manufacturer/Model
    ۞ΞЖ†ԘΜΞ۞
    CPU
    Intel Core i9 9900K
    Motherboard
    ASUS ROG Maximus X Hero
    Memory
    32 GB Quad Kit, G.Skill Trident Z RGB Series schwarz, DDR4-3866, 18-19-19-39-2T
    Graphics Card(s)
    ASUS GeForce RTX 3090 ROG Strix O24G, 24576 MB GDDR6X
    Sound Card
    (1) HD Webcam C270 (2) NVIDIA High Definition Audio (3) Realtek High Definition Audio
    Monitor(s) Displays
    BenQ BL2711U(4K) and a hp 27vx(1080p)
    Hard Drives
    C: Samsung 960 EVO NVMe M.2 SSD
    E: & O: Libraries & OneDrive-> Samsung 850 EVO 1TB
    D: Hyper-V VM's -> Samsung PM951 Client M.2 512Gb SSD
    G: System Images -> Samsung 860 Pro 2TB
    PSU
    Corsair HX1000i High Performance ATX Power Supply 80+ Platinum
    Case
    Phanteks Enthoo Pro TG
    Cooling
    Thermaltake Floe Riing RGB TT Premium-Edition 360mm and 2x120 Phantek& Halo front, and 1x140 Phanteks
    Keyboard
    Trust GTX THURA
    Mouse
    Trust GTX 148
    Internet Speed
    25+/5+ (+usually faster)
    Browser
    Edge; Chrome;
    Antivirus
    Windows Defender of course & Malwarebytes Anti-Exploit as an added layer between browser & OS
    Other Info
    Router: FRITZ!Box 7590 AX V2
    Sound system: SHARP HT-SBW460 Dolby Atmos Soundbar
    Webcam: Logitech BRIO ULTRA HD PRO WEBCAM 4K webcam with HDR

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung SSD 970 EVO Plus 2TB NVMe 1.3
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
You must log in or register to reply here.

Similar Windows 11 Tutorials

  • Article
Network and Internet Enable or Disable Discovery of Network-designated Resolvers (DNR) in Windows 11
Replies
0
Views
2K
Brink
Brink
  • Article
System Enable or Disable Sudo Command in Windows 11
Replies
1
Views
5K
ThrashZone
ThrashZone
  • Article
System Enable or Disable Retail Demo Experience Mode in Windows 11
Replies
2
Views
2K
ThrashZone
ThrashZone
  • Article
Phone Enable or Disable Mobile Devices in Windows 11
Replies
5
Views
2K
Brink
Brink
  • Article
Browsers and Mail Enable or Disable Additional Search Box in Microsoft Edge
Replies
2
Views
1K
Brink
Brink
  • Article
Network and Internet Refresh List of Available Wi-Fi Networks in Windows 11
Replies
0
Views
3K
Brink
Brink
  • Article
Accounts Enable or Disable Microsoft Accounts in Windows 11
Replies
0
Views
2K
Brink
Brink

Latest Support Threads

Latest Tutorials

Back
Top Bottom