Advertisement

How to Enable DNS over HTTPS in Windows 10

You can enable DNS over HTTPS in Windows 10 (DoH) in Windows 10 using one of the methods available in the OS, including Settings and Registry. DNS-over-HTTPS is a relatively young web protocol. Its primary goal is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.

DNS Over Https In Windows 10

The plan to support DoH in Windows 10 was revealed with a number of principles Microsoft is going to use when implementing the feature in the OS. Microsoft planned to implement support for encryption of DNS traffic back in 2019, but users were able to try this new feature only in 2020. So Windows 10 Build 19628 was the first build to include the DoH support.

Advertisеment

This post will show you how to enable and configure the DNS over HTTPS  (DoH) feature on Windows 10.

Enable DNS over HTTPS in Windows 10

  1. Open the Settings app. You can press Win + I to open it faster.
  2. Navigate to Network & internet > Status.Windows 10 Network And Internet Status
  3. Click on Properties.Windows 10 Network And Internet Status Properties Button
  4. On the next page, click on the Edit button under DNS settings.
  5. Select Manual.
  6. Specify DNS servers that support DoH (see the list in the next chapter).
  7. Select Encrypted only (DNS over HTTPS) from the In the Preferred DNS encryption drop-down menu for each of the servers.Enable DNS Over HTTPS In Windows 10
  8. If you are using IPv6 DNS, repeat the previous step for the its configuration.
  9. Finally, click on the Save button.Save Settings To Enable DNS Over HTTPS In Windows 10

You are done. To find that DoH actually works, scroll down the contents of the network settings page. You should see "Encrypted" next to the DNS address value on the Properties page.Verify DNS Over HTTPS Is Enabled On Windows 10

The list of public DNS server that support encryption can be found in the table below.

The list of DoH-enabled servers

You can use the following public DNS over HTTPS servers.

Server OwnerIPv4 addressesIPv6 addresses
Cloudflare1.1.1.1

1.0.0.1

2606:4700:4700::1111

2606:4700:4700::1001

Google8.8.8.8

8.8.4.4

2001:4860:4860::8888

2001:4860:4860::8844

Quad99.9.9.9

149.112.112.112

2620:fe::fe

2620:fe::fe:9

However, if your Windows 10 version doesn't allow to turn on DNS over HTTPS in Settings, e.g. the options are missing, you can apply a Registry tweak to do the same. It is an alternative method to the Settings app.

Turn on DNS over HTTPS in the Registry

  1. Open the Registry Editor. Press Win + R and type regedit in the Run box.
  2. Go to the following Registry key. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters.
  3. On the right, modify or create a new 32-Bit DWORD value EnableAutoDoh.
  4. Set its value to 2.Enable DNS Over HTTPS In Registry
  5. Restart Windows 10.

This will activate DNS over HTTPS, so Windows 10 will start sending and receiving DNS traffic through secure, encrypted servers. However, you need to change the DNS server address to one from the above mentioned table. Here is how you can set a DNS server address.

Change Server Address after enabling DoH

  1. Open the classic Control Panel. Press Win + R and type control in the Run box, then hit Enter.
  2. Go to Control Panel\Network and Internet\Network and Sharing Center.
  3. On the right, click on Change adapter properties.
  4. In the Network Connections window, double-click your network connection.Double Click Network Connection
  5. Click Properties in the next window.Network Connection Status Properties Button
  6. In Adapter Properties, select the Internet Protocol Version 4 (TCP/IPv4) entry, and click on the Properties button.Properties Button For The IPv4 Protocol
  7. Select the option "Use the following DNS server addresses:" on the General tab. Enter the DNS server address that supports DoH.Specify DNS Server Address
  8. If your network configuration includes IPv6, specify the IPv6 servers for the Internet Protocol Version 6 (TCP/IPv6) option.
  9. Click OK to apply the change.

You are done.

Finally, you can check if DNS over HTTPS works for you after applying the Registry tweak and the above mentioned changes. You can verify it’s working by seeing no more plain text DNS traffic from your device.

Verify that your DNS over HTTPS settings work

  1. Open a command prompt as Administrator.
  2. Type and run the following command to reset network traffic filter: pktmon filter remove.
  3. Type and run the following command to add a traffic filter for port 53, the port classic DNS uses: pktmon filter add -p 53.
  4. Run the following command to start a real-time logging of traffic: pktmon start --etw -m real-time.
  5. All port 53 packets will be printed to the command line. If DoH works, you should not see traffic here.Verify that your DNS over HTTPS settings work

That's it.

Related articles:

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Advertisеment

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

3 thoughts on “How to Enable DNS over HTTPS in Windows 10”

Leave a Reply

Your email address will not be published.

css.php
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.