Privacy and security have become increasingly important as more of our daily activities move online. Every time you visit a website, stream a video, play an online game, or use a cloud-based application, your computer sends Domain Name System (DNS) requests to translate website names into IP addresses. Traditionally, these DNS requests are sent in plain text, which means they can potentially be viewed, monitored, or modified by internet service providers, network administrators, or malicious attackers.
To improve privacy and security, Windows 11 supports a technology called DNS over HTTPS (DoH). DNS over HTTPS encrypts DNS requests by sending them through a secure HTTPS connection. This prevents third parties from easily viewing the websites you are trying to access and helps protect against certain types of network attacks.
Microsoft introduced native DNS over HTTPS support in Windows 11 to make secure DNS easier for everyday users. Once enabled, Windows automatically encrypts DNS traffic whenever a compatible DNS provider is used. Popular DNS services such as Cloudflare, Google Public DNS, and Quad9 support DNS over HTTPS and can be configured directly through Windows settings.
Whether you want better privacy, stronger security, or simply want to use modern internet standards, enabling DNS over HTTPS is a worthwhile upgrade. This guide explains what DNS over HTTPS is, why it matters, and how to enable it in Windows 11 using several different methods.
What Is DNS Over HTTPS?
DNS over HTTPS is a protocol that encrypts DNS queries using HTTPS.
Normally:
- You enter a website address.
- Windows sends a DNS request.
- A DNS server responds with the website’s IP address.
Without encryption, others on the network may be able to view those DNS requests.
With DNS over HTTPS:
- DNS requests are encrypted.
- Requests travel through a secure HTTPS connection.
- Third parties cannot easily inspect DNS traffic.
This improves privacy and security during internet browsing.
Benefits of DNS Over HTTPS
Enabling DNS over HTTPS provides several advantages.
Improved Privacy
Your DNS requests become encrypted, making them more difficult for others to monitor.
Better Security
Encryption reduces the risk of DNS spoofing and certain man-in-the-middle attacks.
Protection on Public Wi-Fi
Public wireless networks are often less secure. DNS over HTTPS helps protect DNS traffic while using hotels, airports, cafes, and other public hotspots.
Reduced DNS Manipulation
Some networks modify DNS responses. Encrypted DNS makes unauthorized modification more difficult.
Modern Internet Standards
DNS over HTTPS is becoming increasingly common across browsers, operating systems, and networking services.
DNS Providers That Support DNS Over HTTPS
Before enabling DNS over HTTPS, choose a compatible DNS provider.
Cloudflare
IPv4 DNS:
1.1.1.11.0.0.1Google Public DNS
IPv4 DNS:
8.8.8.88.8.4.4Quad9
IPv4 DNS:
9.9.9.9149.112.112.112These providers support encrypted DNS connections in Windows 11.
Method 1: Enable DNS Over HTTPS Through Windows Settings
This is the easiest method for most users.
Follow these steps:
- Press Windows + I to open Settings.
- Select Network & Internet.
Choose:
- Wi-Fi if connected wirelessly.
or
- Ethernet if using a wired connection.
Next:
- Click your active network connection.
- Locate DNS Server Assignment.
- Click Edit.
In the DNS settings window:
- Change the setting to Manual.
- Enable IPv4.
Enter your preferred DNS server addresses.
Example using Cloudflare:
Preferred DNS:
1.1.1.1Alternate DNS:
1.0.0.1For each DNS entry:
- Select Encrypted Only (DNS over HTTPS).
Click:
- Save
Windows immediately begins using encrypted DNS queries.
Method 2: Enable DNS Over HTTPS for Google Public DNS
If you prefer Google Public DNS:
Open the DNS settings page and enter:
Preferred DNS:
8.8.8.8Alternate DNS:
8.8.4.4For both entries:
- Select Encrypted Only (DNS over HTTPS).
Save the changes.
Windows automatically uses Google’s encrypted DNS service.
Method 3: Configure DNS Over HTTPS for IPv6
If your network supports IPv6, you can enable encrypted DNS for IPv6 as well.
Enable IPv6 in the DNS configuration screen.
For Cloudflare:
Preferred DNS:
2606:4700:4700::1111Alternate DNS:
2606:4700:4700::1001Select:
- Encrypted Only (DNS over HTTPS)
Save the settings.
This ensures both IPv4 and IPv6 DNS traffic remains encrypted.
Method 4: Configure DNS Over HTTPS Using PowerShell
Advanced users can configure encrypted DNS through PowerShell.
Open PowerShell as Administrator.
To view adapters:
Get-NetAdapterConfigure DNS servers:
Set-DnsClientServerAddress -InterfaceAlias "Wi-Fi" -ServerAddresses ("1.1.1.1","1.0.0.1")PowerShell configures the DNS servers.
You may then verify DNS encryption settings through Windows network settings.
This method is often used by administrators managing multiple systems.
Method 5: Verify DNS Over HTTPS Is Enabled
After configuration, verify that encryption is active.
Open:
- Settings
- Network & Internet
- Your active network
Under DNS settings, you should see:
- Encrypted Only (DNS over HTTPS)
displayed beside the configured DNS servers.
If encryption is active, Windows is securing DNS traffic automatically.
Method 6: Flush DNS Cache After Enabling DoH
After changing DNS settings, clear the DNS cache.
Open Command Prompt as Administrator.
Run:
ipconfig /flushdnsPress Enter.
This removes old DNS entries and forces Windows to use the newly configured encrypted DNS service.
Method 7: Disable DNS Over HTTPS if Needed
If you encounter compatibility issues, you can disable DNS over HTTPS.
To do so:
- Open Settings.
- Go to Network & Internet.
- Open your network connection.
- Click Edit beside DNS Server Assignment.
Change:
- Encrypted Only
to:
- Unencrypted Only
or
- Automatic
Save the changes.
Windows returns to standard DNS operation.
How DNS Over HTTPS Works
Traditional DNS requests travel in plain text.
With DNS over HTTPS:
- You request a website.
- Windows encrypts the DNS query.
- The request is sent through HTTPS.
- The DNS provider processes the request.
- The response is returned securely.
Anyone monitoring the network can see that encrypted traffic exists but cannot easily determine the DNS requests being made.
DNS Over HTTPS vs Traditional DNS
| Feature | Traditional DNS | DNS Over HTTPS |
|---|---|---|
| Encryption | No | Yes |
| Privacy | Lower | Higher |
| Security | Basic | Enhanced |
| Protection on Public Wi-Fi | Limited | Better |
| DNS Spoofing Resistance | Lower | Higher |
| Supported in Windows 11 | Yes | Yes |
DNS over HTTPS offers clear advantages for users concerned about privacy and security.
Common Problems and Solutions
Encrypted Option Is Missing
Possible causes include:
- Unsupported DNS provider
- Older Windows version
- Incorrect DNS server address
Ensure Windows 11 is fully updated.
Internet Stops Working After Enabling DoH
Check:
- DNS server addresses
- Internet connectivity
- Router functionality
Try switching to another supported DNS provider.
DNS Settings Revert Automatically
Possible causes include:
- VPN software
- Group policies
- Network management software
Review installed networking applications.
Websites Load Slowly
This may be caused by:
- DNS provider performance
- Network congestion
- ISP routing issues
Trying another DNS provider often resolves the issue.
Security Considerations
While DNS over HTTPS improves privacy, it does not make browsing completely anonymous.
It does not:
- Hide your IP address
- Replace a VPN
- Prevent website tracking
- Encrypt all internet traffic
However, it significantly improves DNS privacy and reduces exposure of browsing activity at the DNS level.
Frequently Asked Questions
What is DNS over HTTPS?
DNS over HTTPS encrypts DNS requests using HTTPS to improve privacy and security.
Is DNS over HTTPS available in Windows 11?
Yes. Windows 11 includes built-in support for DNS over HTTPS.
Which DNS providers support DoH?
Popular options include Cloudflare, Google Public DNS, and Quad9.
Does DNS over HTTPS increase internet speed?
Not necessarily. It primarily improves privacy and security, although some DNS providers may offer faster response times.
Is DNS over HTTPS better than traditional DNS?
For privacy and security, yes. Encrypted DNS helps protect DNS traffic from monitoring and manipulation.
Does DNS over HTTPS replace a VPN?
No. DNS over HTTPS encrypts DNS requests, while a VPN encrypts most network traffic.
Can I use DNS over HTTPS on Wi-Fi and Ethernet?
Yes. Windows 11 supports DoH on both connection types.
Should I enable DNS over HTTPS?
For most users, enabling DNS over HTTPS is recommended because it improves privacy and security with minimal drawbacks.
Final Thoughts
DNS over HTTPS is one of the simplest yet most effective security improvements available in Windows 11. By encrypting DNS requests, it helps protect your browsing activity from unnecessary monitoring, improves resistance against DNS-based attacks, and enhances privacy when using both home and public networks.
Windows 11 makes enabling DNS over HTTPS straightforward through the Settings app, allowing users to configure trusted providers such as Cloudflare, Google Public DNS, and Quad9 in just a few minutes. Once enabled, DNS requests are automatically secured without requiring additional software or complicated configuration.
Although DNS over HTTPS does not replace a VPN or provide complete anonymity, it represents an important step toward a more secure and private online experience. For most Windows 11 users, enabling DNS over HTTPS is a worthwhile change that offers meaningful privacy benefits while maintaining compatibility with everyday internet activities.
