This tutorial will show you how to turn on or off secure DNS in Microsoft Edge for your account or all users in Windows 10 and Windows 11.
The Microsoft Edge web browser is based on Chromium and was released on January 15, 2020. It is compatible with all supported versions of Windows, and macOS. With speed, performance, best in class compatibility for websites and extensions, and built-in privacy and security features.
To navigate to a website, the browser needs to look up the network address (e.g. 93.184.216.34) for the host name (e.g. example.com) that’s used in the website’s URL. Secure DNS (DNS over HTTPS (DoH)) performs this lookup using a service over an HTTPS connection to the DNS service provider, thus protecting the lookups from modification or eavesdropping by attackers on the network.
By default, Microsoft Edge uses your current secure DNS provider. Microsoft Edge also offers alternate secure DNS providers to use.
References:
Safety and privacy in Microsoft Edge
October is almost over! The leaves are changing, pumpkin spices are everywhere, and frights and haunts are becoming commonplace. In the U.S., it’s also National Cyber Security Awareness month. To celebrate it all, we’ll share some of the great se
blogs.windows.com
Microsoft Edge Privacy Whitepaper
Privacy aspects of features of Microsoft Edge, including how your data is shared with Microsoft and how to change settings for this data sharing.
learn.microsoft.com
Contents
- Option One: Turn On or Off Secure DNS in Microsoft Edge for Current User from Settings
- Option Two: Enable or Disable Secure DNS in Microsoft Edge for All Users using REG file
1 Open Microsoft Edge.
2 Click/tap on the Setting and more (Alt+F) 3 dots button, and click/tap on Settings. (see screenshot below)
3 Click/tap on Privacy, search, and services in the left pane. (see screenshots below)
If you do not see a left pane, then either click/tap on the 3 bars menu button towards the top left OR widen the horizontal borders of the Microsoft Edge window until you do.
4 Do step 5 (on - current), step 6 (on - choose), or step 7 (off) below for what you want.
5 Turn On Secure DNS and Use Current Service Provider in Microsoft Edge
This is the default setting.
A) Under Security on the right side, turn on Use secure DNS to specify how to lookup the network address for websites. (see screenshot below)
B) Select (dot) Use current service provider.
6 Turn On Secure DNS and Choose a Service Provider in Microsoft Edge
A) Under Security on the right side, turn on Use secure DNS to specify how to lookup the network address for websites. (see screenshot below)
B) Select (dot) Choose a service provider.
C) Click/tap inside the Enter custom provider box to open its drop menu.
D) Select the DNS over HTTPS (DoH) provider you want to use in the drop menu.
7 Turn Off Secure DNS in Microsoft Edge
A) Under Security on the right side, turn off Use secure DNS to specify how to lookup the network address for websites. (see screenshot below)
You must be signed in as an administrator to use this option.
This option uses the BuiltInDnsClientEnabled policy for Microsoft Edge.
1 Do step 2 (always on), step 3 (always off), or step 4 (default) below for what you want.
2 Always Turn On "Use secure DNS to specify how to lookup the network address for websites" in Microsoft Edge for All Users
This will override and gray out Option One.
A) Click/tap on the Download button below to download the REG file below, and go to step 5 below.
Always_turn_on_secure_DNS_in_Microsoft_Edge_for_all_users.reg
(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"BuiltInDnsClientEnabled"=dword:00000001
3 Always Turn Off "Use secure DNS to specify how to lookup the network address for websites" in Microsoft Edge for All Users
This will override and gray out Option One.
A) Click/tap on the Download button below to download the REG file below, and go to step 5 below.
Always_turn_off_secure_DNS_in_Microsoft_Edge_for_all_users.reg
(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"BuiltInDnsClientEnabled"=dword:00000000
4 Default User Choice "Use secure DNS to specify how to lookup the network address for websites" in Microsoft Edge
This is the default setting to allow using Option One.
A) Click/tap on the Download button below to download the REG file below, and go to step 5 below.
Default_user_choice_secure_DNS_in_Microsoft_Edge.reg
(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"BuiltInDnsClientEnabled"=-
5 Save the .reg file to your desktop.
6 Double click/tap on the downloaded .reg file to merge it.
7 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.
8 If Microsoft Edge is currently open, then close and reopen Microsoft Edge to apply.
9 You can now delete the downloaded .reg file if you like.
That's it,
Shawn Brink
Attachments
Last edited: