Browsers and Mail Enable or Disable Secure DNS over HTTPS (DoH) in Microsoft Edge


  • Staff
Microsoft_Edge_banner.png

This tutorial will show you how to turn on or off secure DNS in Microsoft Edge for your account or all users in Windows 10 and Windows 11.

The Microsoft Edge web browser is based on Chromium and was released on January 15, 2020. It is compatible with all supported versions of Windows, and macOS. With speed, performance, best in class compatibility for websites and extensions, and built-in privacy and security features.

To navigate to a website, the browser needs to look up the network address (e.g. 93.184.216.34) for the host name (e.g. example.com) that’s used in the website’s URL. Secure DNS (DNS over HTTPS (DoH)) performs this lookup using a service over an HTTPS connection to the DNS service provider, thus protecting the lookups from modification or eavesdropping by attackers on the network.

By default, Microsoft Edge uses your current secure DNS provider. Microsoft Edge also offers alternate secure DNS providers to use.

References:


Contents

  • Option One: Turn On or Off Secure DNS in Microsoft Edge for Current User from Settings
  • Option Two: Enable or Disable Secure DNS in Microsoft Edge for All Users using REG file




Option One

Turn On or Off Secure DNS in Microsoft Edge for Current User from Settings


1 Open Microsoft Edge.

2 Click/tap on the Setting and more (Alt+F) 3 dots button, and click/tap on Settings. (see screenshot below)

Microsoft_Edge_Settings.png

3 Click/tap on Privacy, search, and services in the left pane. (see screenshots below)

If you do not see a left pane, then either click/tap on the 3 bars menu button towards the top left OR widen the horizontal borders of the Microsoft Edge window until you do.


4 Do step 5 (on - current), step 6 (on - choose), or step 7 (off) below for what you want.

5 Turn On Secure DNS and Use Current Service Provider in Microsoft Edge

This is the default setting.


A) Under Security on the right side, turn on Use secure DNS to specify how to lookup the network address for websites. (see screenshot below)​

B) Select (dot) Use current service provider.​

Microsoft_Edge_secure_DNS-1.png

6 Turn On Secure DNS and Choose a Service Provider in Microsoft Edge

A) Under Security on the right side, turn on Use secure DNS to specify how to lookup the network address for websites. (see screenshot below)​

B) Select (dot) Choose a service provider.​

C) Click/tap inside the Enter custom provider box to open its drop menu.​

D) Select the DNS over HTTPS (DoH) provider you want to use in the drop menu.​

Microsoft_Edge_secure_DNS-2.png

7 Turn Off Secure DNS in Microsoft Edge

A) Under Security on the right side, turn off Use secure DNS to specify how to lookup the network address for websites. (see screenshot below)​

Microsoft_Edge_secure_DNS-3.png




Option Two

Enable or Disable Secure DNS in Microsoft Edge for All Users using REG file


You must be signed in as an administrator to use this option.

This option uses the BuiltInDnsClientEnabled policy for Microsoft Edge.


1 Do step 2 (always on), step 3 (always off), or step 4 (default) below for what you want.

2 Always Turn On "Use secure DNS to specify how to lookup the network address for websites" in Microsoft Edge for All Users

This will override and gray out Option One.


A) Click/tap on the Download button below to download the REG file below, and go to step 5 below.​

Always_turn_on_secure_DNS_in_Microsoft_Edge_for_all_users.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"BuiltInDnsClientEnabled"=dword:00000001

3 Always Turn Off "Use secure DNS to specify how to lookup the network address for websites" in Microsoft Edge for All Users

This will override and gray out Option One.


A) Click/tap on the Download button below to download the REG file below, and go to step 5 below.​

Always_turn_off_secure_DNS_in_Microsoft_Edge_for_all_users.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"BuiltInDnsClientEnabled"=dword:00000000

4 Default User Choice "Use secure DNS to specify how to lookup the network address for websites" in Microsoft Edge

This is the default setting to allow using Option One.


A) Click/tap on the Download button below to download the REG file below, and go to step 5 below.​

Default_user_choice_secure_DNS_in_Microsoft_Edge.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"BuiltInDnsClientEnabled"=-

5 Save the .reg file to your desktop.

6 Double click/tap on the downloaded .reg file to merge it.

7 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

8 If Microsoft Edge is currently open, then close and reopen Microsoft Edge to apply.

9 You can now delete the downloaded .reg file if you like.


That's it,
Shawn Brink


 

Attachments

  • Default_user_choice_secure_DNS_in_Microsoft_Edge.reg
    596 bytes · Views: 390
  • Always_turn_on_secure_DNS_in_Microsoft_Edge_for_all_users.reg
    622 bytes · Views: 651
  • Always_turn_off_secure_DNS_in_Microsoft_Edge_for_all_users.reg
    622 bytes · Views: 457
Last edited:
In Windows 11, Instead of enabling it in Edge or any other browser, it's best that this is done within Windows settings. When you set it up globally, you have a fallback choice in case something doesn't work. If something doesn't work, it will fall back to the unsecure method.
 

My Computer

System One

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Built (ASUS, Intel, Nvidia, Creative Labs, Corsair, Seasonic, Lian Li)
    CPU
    Intel® Core™ i9-9900K
    Motherboard
    ASUS ROG MAXIMUS XI EXTREME
    Memory
    Corsair Vengeance RGB Pro 128GB (4x32GB) ‎CMW128GX4M4E3200C16
    Graphics Card(s)
    Nvidia GeForce RTX 3080 TI Founders Edition
    Sound Card
    Creative Sound Blaster AE-9
    Monitor(s) Displays
    MSI Creator PS321URV 32 Inch HDR600
    Screen Resolution
    3840 x 2160 (4K)
    Hard Drives
    Samsung 970 Pro 1TB
    Samsung 980 Pro 1TB
    PSU
    Seasonic Prime TX 1000
    Case
    Lian Li 011 Dynamic XL ROG Edition
    Cooling
    ASUS ROG STRIX LC II 360 ARGB AIO, 10x UNI FAN SL-INFINITY Fans
    Keyboard
    Razer Huntsman Elite (Silent keys)
    Mouse
    Logitech MX Master 3s
    Internet Speed
    500 Mb/s Down and 20 Mb/s Up
    Browser
    Microsoft Edge
    Antivirus
    Windows Defender
    Other Info
    Speakers: Vanatoo Transparent One Encore with a REL HT/1003 Subwoofer
Why do I get this error (for some DNS servers)?!

s2.png
 

My Computer

System One

  • OS
    Win 11 Enterprise
    Computer type
    Laptop
    CPU
    i7
    Hard Drives
    SSD
Is there a way to disable the same on brave browser with a reg file please?
 

My Computer

System One

  • OS
    windows 11
    Computer type
    PC/Desktop
Jesseinsf Stated: In Windows 11, Instead of enabling it in Edge or any other browser, it's best that this is done within Windows settings. When you set it up globally, you have a fallback choice in case something doesn't work. If something doesn't work, it will fall back to the unsecure method.

If this is truly the case, how do you do that, is their a reg file available to enable / undo this globally in windows settings ? Can someone master one up real quick--I use Google Chrome but that would not matter I guess if it's a global setting that is applied. Many thanks to the wonderful folks out there..
 

My Computer

System One

  • OS
    Windows 11 Pro 64 Bit 24H2@ 26100-2033
    Computer type
    Laptop
    Manufacturer/Model
    Sony Vaio VPCF1
    CPU
    Intel Core I7 740QM 1.73 GHZ Clarksfield
    Motherboard
    Sony Vaio American Megatrends
    Memory
    6 GB
    Graphics Card(s)
    NVidia GT330M
    Sound Card
    Realtek
    Monitor(s) Displays
    Dell 24" ST2420
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 840 EVO 500gig
    Keyboard
    logitech
    Mouse
    logitech
    Internet Speed
    600
    Browser
    Google Chrome
    Antivirus
    Norton 360
Is there a way to disable the same on brave browser with a reg file please?
This reg file was the only way for edge to connect properly with my secured dns provider configured via windows 11. However id like to implement the same to brave and chrome, and I’m not sure how to do it..
 

My Computer

System One

  • OS
    windows 11
    Computer type
    PC/Desktop

Latest Support Threads

Back
Top Bottom