Network and Internet Enable DNS over HTTPS (DoH) in Windows 11


  • Staff
DNS_banner.png

This tutorial will show you how to change your DNS Server address and enable DNS over HTTPS (DoH) in Windows 11.

A DNS (Domain Name System) server is the service that makes it possible for you to open a web browser, type a domain name and load your favorite websites.

DNS over HTTPS (DoH), or Secure DNS, is a protocol for performing remote Domain Name System resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.

References:
techcommunity.microsoft.com

Windows Insiders gain new DNS over HTTPS controls

Credit and thanks to Alexandru Jercaianu, Vladimir Cernov, and Sam Yun for implementation work Over the last year, we have been improving the DNS over HTTPS (DoH) functionality in the Windows DNS client. Now we are pleased to introduce you to the different features now available through the...
techcommunity.microsoft.com
techcommunity.microsoft.com

Making DoH Discoverable: Introducing DDR

Credit and thanks to Alexandru Jercaianu for implementation work DNS over HTTPS (DoH) in the DNS client exited preview and became a supported feature with the Windows Server 2022 and Windows 11 releases. Unlike plain-text DNS, DoH requires a template in addition to knowing the IP address of...
techcommunity.microsoft.com


You must be signed in as an administrator to change the DNS server address and enable DoH.




Here's How:

1 Open Settings (Win+I).

2 Click/tap on Network & internet on the left side. (see screenshot below)


DOH-1.png

3 Do step 4 (current), step 5 (specific), or step 6 (all Wi-Fi) below for which network connection or adapter you want to enable DoH for.

4 Enable DNS over HTTPS (DoH) for a Current Network Connection

This will be for a network connection you are currently connected to.


A) Click/tap on Properties of the connected network you want to enable DoH for at the top on the right side. (see screenshot below)​

Current_DOH-1.png

B) Click/tap on the Ethernet or Wi-Fi connection you want to enable DoH for to expand it open. (see screenshots below)​

Current_DOH-2.png
Current_DOH-3.png

C) Click/tap on the Edit button under DNS server assignment on the right side, and go to step 7. (see screenshots below)​

If you have a The DNS settings for all Wi-Fi networks have been set. The settings below won't be saved. type message, then it means you used step 6 that overrides this setting. You can click/tap on the Change DNS settings for all Wi-Fi networks link instead, and then click/tap on the Edit button in step 6.


DoH-2.png
DoH-5.png

5 Enable DNS over HTTPS (DoH) for Specific Network Connection

This will be for a network connection you do not have to be currently connected to.


A) Click/tap on Wi-Fi or Ethernet for the type of network connection you want to enable DoH for. (see screenshot below)​

Specific_DOH-1.png

B) Perform one of the following actions: (see screenshots below)​
  • For Ethernet, click/tap on the connection you want to enable DoH for to expand it open.
  • For Wi-Fi, click/tap on Manage known networks, and click/tap on the known Wi-Fi network connection you want to enable DoH for.
Current_DOH-2.png
Specific_DOH-2.png
Specific_DOH-3.png

C) Click/tap on the Edit button under DNS server assignment on the right side, and go to step 7. (see screenshots below)​

If you have a The DNS settings for all Wi-Fi networks have been set. The settings below won't be saved. type message, then it means you used step 6 that overrides this setting. You can click/tap on the Change DNS settings for all Wi-Fi networks link instead, and then click/tap on the Edit button in step 6.


DoH-2.png
DoH-5.png

6 Enable DNS over HTTPS (DoH) for Wi-Fi Network Adapter

This will include all connections you make from the selected Wi-Fi network adapter.

This will override what is set for a network connection in step 4 and/or step 5.


A) Click/tap on Wi-Fi. (see screenshot below)​

All_DOH-1.png

B) Click/tap on Hardware properties. (see screenshot below)​

All_DOH-2.png

C) Click/tap on the Edit button under DNS server assignment on the right side, and go to step 7. (see screenshot below)​

All_DOH-3.png

7 Select Manual in the drop menu at the top. (see screenshots below step 11)

8 Enable DoH for IPv4

A) Turn on IPv4. (see screenshots below step 11)

B) Type a Preferred DNS you want to use that supports DoH. (see table below)

DoH DNS server​
Preferred DNS for IPv4​
Cloudflare1.1.1.1
Google Public DNS8.8.8.8
Quad99.9.9.9

C) Perform one of the following actions depending on which setting is available to you:
  • If you do not have an Insider Dev build installed, select Encrypted only (DNS over HTTPS) from the Preferred DNS encryption drop menu under IPv4.
  • If you do have an Insider Dev build installed, select On (automatic template) from the DNS over HTTPS drop menu under IPv4. Leave Fallback to paintext turned off.

If you do not have a Preferred DNS encryption drop menu option to select Encrypted only (DNS over HTTPS), then close Settings, change the IPv4 DNS address for this connected network adapter in the Control Panel, and start over at step 1.

You will now have the red The DNS settings for all Wi-Fi networks have been set. The settings below won't be saved. message at step 3.


D) Type an Alternate DNS you want to use that supports DoH. (see table below)

DoH DNS server​
Alternate DNS for IPv4​
Cloudflare1.0.0.1
Google Public DNS8.8.4.4
Quad9149.112.112.112

E) Perform one of the following actions depending on which setting is available to you:
  • If you do not have an Insider Dev build installed, select Encrypted only (DNS over HTTPS) from the Preferred DNS encryption drop menu under IPv4.
  • If you do have an Insider Dev build installed, select On (automatic template) from the DNS over HTTPS drop menu under IPv4. Leave Fallback to paintext turned off.

If you do not have a Alternate DNS encryption drop menu option to select Encrypted only (DNS over HTTPS), then close Settings, change the IPv4 DNS address for this connected network adapter in the Control Panel, and start over at step 1.

You will now have the red The DNS settings for all Wi-Fi networks have been set. The settings below won't be saved. message at step 3.



9 Enable DoH for IPv6

A) Turn on IPv6. (see screenshots below step 11)

B) Type a Preferred DNS you want to use that supports DoH. (see table below)

DoH DNS server​
Preferred DNS for IPv6​
Cloudflare2606:4700:4700::1111
Google Public DNS2001:4860:4860::8888
Quad92620:fe::fe

C) Perform one of the following actions depending on which setting is available to you:
  • If you do not have an Insider Dev build installed, select Encrypted only (DNS over HTTPS) from the Preferred DNS encryption drop menu under IPv6.
  • If you do have an Insider Dev build installed, select On (automatic template) from the DNS over HTTPS drop menu under IPv6. Leave Fallback to paintext turned off.

If you do not have a Preferred DNS encryption drop menu option to select Encrypted only (DNS over HTTPS), then close Settings, change the IPv6 DNS address for this connected network adapter in the Control Panel, and start over at step 1.

You will now have the red The DNS settings for all Wi-Fi networks have been set. The settings below won't be saved. message at step 3.


D) Type an Alternate DNS you want to use that supports DoH. (see table below)

DoH DNS server​
Alternate DNS for IPv6​
Cloudflare2606:4700:4700::1001
Google Public DNS2001:4860:4860::8844
Quad92620:fe:::9

E) Perform one of the following actions depending on which setting is available to you:
  • If you do not have an Insider Dev build installed, select Encrypted only (DNS over HTTPS) from the Preferred DNS encryption drop menu under IPv6.
  • If you do have an Insider Dev build installed, select On (automatic template) from the DNS over HTTPS drop menu under IPv6. Leave Fallback to paintext turned off.

If you do not have a Alternate DNS encryption drop menu option to select Encrypted only (DNS over HTTPS), then close Settings, change the IPv4 DNS address for this connected network adapter in the Control Panel, and start over at step 1.

You will now have the red The DNS settings for all Wi-Fi networks have been set. The settings below won't be saved. message at step 3.


10 When finished, click/tap on Save.

11 You can now close Settings if you like.

DoH-3.png
DoH-4.png


DoH-3B.png
DoH-4B.png



That's it,
Shawn Brink


Related Tutorials

 

Attachments

  • DNS.png
    DNS.png
    24.2 KB · Views: 192
Last edited:
Click to expand...
Why do we always "yes" the autoupgrade part?
 

My Computer

System One

  • OS
    Windows 11 Home - 22621.1413 - RP Channel
    Computer type
    Laptop
    Manufacturer/Model
    Huawei Matebook D15 Ryzen 5500U 8GB / 512 SSD, Windows 11 Home Single Language
    CPU
    5500U
    Keyboard
    Logitech K380, G15
    Mouse
    Logi m350, Everest SM-620, Logitech G9
    Browser
    Chrome (Desktop), Vivaldi (Mobile)
    Antivirus
    Eset
Interesting how this has been improved over Windows 10, thats a nice UI config upgrade.

I do have a list of useful ip's for DoH for the bigger DNS providers.

ECS is related to CDN routing, where the network block is passed on from the source IP.

EDNS Client Subnet - Wikipedia

en.wikipedia.org en.wikipedia.org

Code: 
1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001 Cloudflare No Filter
1.1.1.2 1.0.0.2 2606:4700:4700::1112 2606:4700:4700::1002 Cloudflare Malware Filter
1.1.1.3 1.0.0.3 2606:4700:4700::1113 2606:4700:4700::1003 Cloudflare Malware and Family Filter
8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844 Google No Filter, Tracked, supports ECS
9.9.9.9 149.112.112.9 149.112.112.112 2620:fe::9 2620:fe::fe:9 2620:fe::fe Quad9 Malware Filter
9.9.9.10 149.112.112.10 2620:fe::10 2620:fe::fe:10 Quad9 No Filter
9.9.9.11 149.112.112.11 2620:fe::11 2620:fe::fe:11 Quad9 Malware Filter and supports ECS
9.9.9.12 149.112.112.12 2620:fe::12 2620:fe::fe:12 Quad9 No Filter, supports ECS
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    CPU
    9900k
    Motherboard
    Asrock Fatality K6 Z370
    Memory
    32 Gig 3200CL12
    Graphics Card(s)
    Nvidia 3800 RTX
    Sound Card
    Asus Xonar D2X
    Monitor(s) Displays
    LG 27GL850
    Screen Resolution
    2560x1440
    Hard Drives
    970 EVO 1TB
    860 EVO 1TB
    3 x 3TB WD Red
    2 x 4TB WD Red
    PSU
    Antec HCG 750
    Case
    Fractal Define R4
    Cooling
    Noctua NH-D15S
    Internet Speed
    80/20
    Antivirus
    Windows Defender

My Computer

System One

  • OS
    Windows 11 Home
    CPU
    AMD Ryzen 5 3600 (07/19)
    Motherboard
    MSI B450 TOMAHAWK 7C02v1E (07/19)
    Memory
    4x 8GB ADATA XPG GAMMIX D10 DDR4 3200MHz CL16
    Graphics Card(s)
    MSI Radeon RX 580 ARMOR 8G OC @48FPS (08/19)
    Sound Card
    Creative Sound Blaster Z (11/16)
    Monitor(s) Displays
    24" AOC G2460VQ6 (01/19)
    Screen Resolution
    1920×1080@75Hz + FreeSync (DisplayPort)
    Hard Drives
    ADATA XPG GAMMIX S11 Pro SSD 512GB (07/19)
    PSU
    Seasonic M12II-520 80 Plus Bronze (11/16)
    Case
    Lian Li PC-7NB + 3x Noctua NF-S12A FLX@700rpm (11/16)
    Cooling
    CPU Cooler Noctua NH-U12S@700rpm
    Keyboard
    Logitech Wireless MX Keys (04/23)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    400/40 Mbps via RouterOS (05/21) + TCP Optimizer
    Browser
    Edge with Neeva (No FB/Google) + Brave for YouTube + LibreWolf for FB
    Antivirus
    NoAV + Binisoft WFC + NextDNS
    Other Info
    Headphones: Sennheiser RS170 (09/10)
You must log in or register to reply here.

Similar Windows 11 Tutorials

  • Article
Browsers and Mail Enable or Disable Secure DNS over HTTPS (DoH) in Microsoft Edge
Replies
1
Views
3K
jesseinsf
J
  • Article
Network and Internet Enable DNS over TLS (DoT) in Windows 11
Replies
3
Views
7K
Cliff S
Cliff S
  • Article
Network and Internet Find DNS Servers Used in Windows 11
Replies
1
Views
3K
abactuon
abactuon
  • Article
Phone Enable or Disable Sync Phone Link over Mobile Data when Not Connected to Wi-Fi
Replies
0
Views
619
Brink
Brink
  • Article
Network and Internet See List of All Wi-Fi Network Profiles in Windows 11
Replies
0
Views
1K
Brink
Brink
  • Article
Network and Internet Turn On or Off AutoSwitch for Wi-Fi Network in Windows 11
Replies
0
Views
1K
Brink
Brink
  • Article
Network and Internet Change Wi-Fi Network Profile Connection and Security Settings in Windows 11
Replies
0
Views
1K
Brink
Brink

Latest Tutorials

Latest Support Threads

Back
Top Bottom