You can enable DNS over HTTPS in Windows 11 using the four methods described in this article. Microsoft has updated the Settings app, and this feature is now easy to configure with just a few clicks.

DNS-over-HTTPS (DoH) is a modern security protocol for the Internet. The idea is to protect user privacy and security by encrypting DNS data sent between client and server devices. This eliminates man-in-the-middle attacks because DoH uses the HTTPS protocol. This requires a DoH supported server to resolve encrypted DNS requests from users.

This article shows you the different ways to enable the DoH feature in Windows 11.

Enabling DNS over HTTPS in Windows 11 (DoH)
Open the Settings application by pressing Win + I.
Open the Network and Internet page.
Click on the Properties button on the right.
On the next page, in the DNS Server Mapping section, click the Change button.
Select Manual from the drop-down list at the top of the page.
Specify the addresses of the DNS servers supported by the DoH using the reference table below.
Select Encryption only (DNS over HTTPS) from the Preferred DNS Encryption and Alternate DNS Encryption drop-down menus.
If your port supports IPv6, repeat the previous steps to configure it.
Finally, click on the Save button.

You’re done. To verify that DoH is actually working on your device, scroll down to the Network and Internet > Properties page. Encrypted should be displayed next to the value of the DNS address.

You can use the following public DNS servers over HTTPS.

List of public DNS servers supporting DoH
Server owner IPv4 address IPv6 address









Another method is to add DoH to the registry. Use it if the above method does not work for some reason or if the Settings application does not work in your session.

Enable DNS over HTTPS in the registry
Press Win + R, type regedit in the output box, and press Enter.
In the registry editor, navigate to the following path. HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesDnscacheParameters.
Change or create a new 32-bit DWORD value of EnableAutoDoh on the right.
Set the value to 2.
Restart Windows 11.

Enables DNS over HTTPS so that Windows will send and receive DNS traffic on secure, encrypted servers. However, you must specify the correct DNS server address. Again, use one of the servers in the table above.

Here’s how to change the DNS server address in Windows 11 without using the Settings application.

Changing the server address after enabling DoH
Press Win + R and type control in the run window, then press Enter. The classic Control Panel application opens.
Go to Control Panel – Network and Internet Control Center for networking and sharing.
On the right side, click Edit Adapter Properties.
The Network Connections dialog box opens. Double-click on the network connection.
In the next window, click Properties.
In the adapter properties, select Internet Protocol version 4 (TCP/IPv4) and click Properties.
On the General tab, select Use the following DNS server addresses:. Enter the address of the DNS server that supports the DoH.
If your network configuration includes IPv6, specify IPv6 Server for Internet Protocol version 6 (TCP/IPv6).
Click OK to apply the changes.

You’re done.

By Sergey Tkachenko on 30. June 2021 in Windows 11.

About Sergei Tkachenko

