How to Enable DNS over HTTPS in Windows 11

Key Takeaways

- Your ISP can see every domain you visit through unencrypted DNS requests, even on HTTPS sites
- Windows 11 has a native DNS over HTTPS feature that encrypts these lookups
- The fix takes a few minutes to configure and uses free public DNS servers like Cloudflare

The privacy gap hiding in plain sight
You might consider yourself privacy-conscious. You use a password manager, enable two-factor authentication, and avoid sketchy websites. But there's a good chance your ISP has been logging every site you visit this entire time.
The culprit is DNS, the Domain Name System. Every time you type a web address, your computer first asks a DNS server to translate that human-readable domain into an IP address. Think of it like calling directory assistance before dialing a phone number.
The problem: these DNS lookups happen in plain text by default. Your ISP can see every domain your machine requests. So can anyone else on your network. This becomes a real concern on public Wi-Fi at coffee shops, airports, or hotels.
Here's the frustrating part. Even when every website you visit uses HTTPS (that padlock icon in your browser), the DNS request that precedes the connection is still exposed. The site content is encrypted, but your ISP still knows you visited it.
Windows 11's hidden encryption setting
Windows 11 includes a native feature called DNS over HTTPS (DoH) that encrypts your DNS lookups. It's completely free, takes a few minutes to turn on, and most people have no idea it exists.
DNS over HTTPS wraps your DNS queries in the same encryption that protects regular web traffic. Your ISP can still see that you're sending data somewhere, but they can't read the domain names you're looking up.
How to enable DNS over HTTPS in Windows 11
The setup requires changing your DNS server settings and enabling encryption. You'll need to use a DNS provider that supports DoH. Cloudflare (1.1.1.1) and Google (8.8.8.8) are the most common free options.
- Open Settings and navigate to Network & internet
- Click on Wi-Fi (or Ethernet if you're wired)
- Select your current network connection
- Click Edit next to DNS server assignment
- Switch from Automatic to Manual
- Enable IPv4 and enter your preferred DNS server (e.g., 1.1.1.1 for Cloudflare)
- Under DNS over HTTPS, select On (automatic template) or Encrypted only
- Repeat for IPv6 if your network uses it
- Click Save

For IPv6, Cloudflare's addresses are 2606:4700:4700::1111 and 2606:4700:4700::1001. Google's are 2001:4860:4860::8888 and 2001:4860:4860::8844.

Verifying your configuration
After saving your settings, you should see your manually assigned DNS servers listed in the Wi-Fi properties panel. Windows will show both the IPv4 and IPv6 addresses you configured.

To confirm DoH is working, visit Cloudflare's connection test at one.one.one.one/help. It will tell you if your DNS queries are being encrypted.
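
A local check to go with the browser test, added here as an example and not taken from the original article: it cross-references the DNS servers on each connected adapter against the DoH templates Windows holds, using the built-in `Get-NetAdapter`, `Get-DnsClientServerAddress` and `Get-DnsClientDohServerAddress` cmdlets. The function name `Get-DohCoverage` and the state labels are hypothetical, and the script does not read the per-adapter choice made in Settings.

```powershell
# Added example: which configured resolvers does Windows 11 hold a DoH template for?
# Get-DohCoverage and the State labels are hypothetical names; the cmdlets are built in.
function Get-DohCoverage {
    # Index the DoH templates Windows knows (built-in list plus any added later).
    $known = @{}
    foreach ($entry in Get-DnsClientDohServerAddress) {
        $known[$entry.ServerAddress] = $entry
    }

    # Only look at adapters that are currently connected.
    foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        # IPv4 and IPv6 server lists come back as separate objects; flatten them.
        $servers = Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex |
            ForEach-Object { $_.ServerAddresses } |
            Where-Object { $_ } |
            Select-Object -Unique

        foreach ($server in $servers) {
            $doh = $known[$server]
            if (-not $doh) {
                # No DoH endpoint on record for this address.
                $state = 'NoTemplate'
            } elseif ($doh.AllowFallbackToUdp) {
                # A failed DoH lookup may be retried as plaintext DNS.
                $state = 'DohWithPlaintextFallback'
            } else {
                $state = 'DohTemplateKnown'
            }

            [pscustomobject]@{
                Interface   = $nic.Name
                Server      = $server
                State       = $state
                DohTemplate = if ($doh) { $doh.DohTemplate } else { '' }
            }
        }
    }
}

Get-DohCoverage | Format-Table -AutoSize
```

A `NoTemplate` row usually means the adapter is still using a router- or ISP-assigned resolver, which is the case the manual steps above are meant to replace.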
Which DNS provider should you choose?
Cloudflare and Google are the most reliable options with the best performance for most users. Both support DNS over HTTPS and have fast response times.

| Provider | IPv4 Primary | IPv4 Secondary | Privacy Focus |
|---|---|---|---|
| Cloudflare | 1.1.1.1 | 1.0.0.1 | High (logs purged in 24 hours) |
| Google | 8.8.8.8 | 8.8.4.4 | Medium (some data retained) |
| Quad9 | 9.9.9.9 | 149.112.112.112 | High (blocks malicious domains) |

Cloudflare claims to purge all DNS logs within 24 hours and never sells data to advertisers. Quad9 adds malware blocking but may be slightly slower. Google's DNS is fast but the company retains some query data.
What this doesn't protect
DNS over HTTPS encrypts your domain lookups, but it's not a VPN. Your ISP can still see the IP addresses you connect to. Many large sites have unique IPs, so your ISP might still infer which services you use.
DoH also doesn't protect you from the websites themselves tracking your activity, or from malware on your device. It's one layer of privacy, not a complete solution.
Frequently Asked Questions
Will DNS over HTTPS slow down my internet?
Not noticeably. Modern DoH servers like Cloudflare are often faster than your ISP's default DNS. The encryption overhead is minimal.
Does this work on all Windows 11 versions?
Yes. DNS over HTTPS support was added in Windows 11 and is available in all versions. Windows 10 does not have native DoH support.
Can my employer still see my browsing if I enable this?
If you're on a corporate network, your company may use network monitoring that operates at a different level than DNS. DoH protects your DNS queries, but corporate firewalls can still inspect traffic.
Should I enable this on public Wi-Fi?
Especially on public Wi-Fi. Unencrypted DNS queries on shared networks are visible to anyone with the right tools. DoH prevents this snooping.
Is DNS over HTTPS the same as a VPN?
No. A VPN encrypts all your internet traffic and masks your IP address. DoH only encrypts DNS lookups. Your ISP can still see the IP addresses you connect to.
Source: MakeUseOf
Huma Shazia
Senior AI & Tech Writer