How to Enable DNS over HTTPS in Windows 11

Huma Shazia | 26 April 2026 at 11:38 pm | 5 min read

Key Takeaways

Source: MakeUseOf
  • Your ISP can see every domain you visit through unencrypted DNS requests, even on HTTPS sites
  • Windows 11 has a native DNS over HTTPS feature that encrypts these lookups
  • The fix takes a few minutes to configure and uses free public DNS servers like Cloudflare

The privacy gap hiding in plain sight

You might consider yourself privacy-conscious. You use a password manager, enable two-factor authentication, and avoid sketchy websites. But there's a good chance your ISP has been logging every site you visit this entire time.

The culprit is DNS, the Domain Name System. Every time you type a web address, your computer first asks a DNS server to translate that human-readable domain into an IP address. Think of it like calling directory assistance before dialing a phone number.

The problem: these DNS lookups happen in plain text by default. Your ISP can see every domain your machine requests. So can anyone else on your network. This becomes a real concern on public Wi-Fi at coffee shops, airports, or hotels.

Here's the frustrating part. Even when every website you visit uses HTTPS (that padlock icon in your browser), the DNS request that precedes the connection is still exposed. The site content is encrypted, but your ISP still knows you visited it.

Windows 11's hidden encryption setting

Windows 11 includes a native feature called DNS over HTTPS (DoH) that encrypts your DNS lookups. It's completely free, takes a few minutes to turn on, and most people have no idea it exists.

DNS over HTTPS wraps your DNS queries in the same encryption that protects regular web traffic. Your ISP can still see that you're sending data somewhere, but they can't read the domain names you're looking up.

How to enable DNS over HTTPS in Windows 11

The setup requires changing your DNS server settings and enabling encryption. You'll need to use a DNS provider that supports DoH. Cloudflare (1.1.1.1) and Google (8.8.8.8) are the most common free options.

  1. Open Settings and navigate to Network & internet
  2. Click on Wi-Fi (or Ethernet if you're wired)
  3. Select your current network connection
  4. Click Edit next to DNS server assignment
  5. Switch from Automatic to Manual
  6. Enable IPv4 and enter your preferred DNS server (e.g., 1.1.1.1 for Cloudflare)
  7. Under DNS over HTTPS, select On (automatic template) or Encrypted only
  8. Repeat for IPv6 if your network uses it
  9. Click Save

[Image: Windows 11 DNS settings showing the encryption option]

For IPv6, Cloudflare's addresses are 2606:4700:4700::1111 and 2606:4700:4700::1001. Google's are 2001:4860:4860::8888 and 2001:4860:4860::8844.

[Image: IPv6 DNS configuration with Cloudflare addresses]

Verifying your configuration

After saving your settings, you should see your manually assigned DNS servers listed in the Wi-Fi properties panel. Windows will show both the IPv4 and IPv6 addresses you configured.

[Image: Wi-Fi properties showing manually assigned IPv4 and IPv6 DNS servers]

To confirm DoH is working, visit Cloudflare's connection test at one.one.one.one/help. It will tell you if your DNS queries are being encrypted.
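
A read-only PowerShell check to go with the steps above, added here as an example and not taken from the original article: it lists the DNS servers configured on every active adapter and reports whether Windows holds a DoH template for each one. It assumes the Windows 11 DnsClient and NetAdapter cmdlets; `ConvertTo-CanonicalIp` is a helper name made up for this example.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# Assumes Windows 11 (DnsClient module that includes the DoH cmdlets).

function ConvertTo-CanonicalIp([string]$Text) {
    # Normalise the textual form so IPv6 addresses compare reliably.
    $ip = $null
    if ([ipaddress]::TryParse($Text, [ref]$ip)) { $ip.ToString() } else { $Text }
}

# Resolvers for which Windows holds a DoH template (built in or added by an admin).
$templates = @{}
foreach ($entry in Get-DnsClientDohServerAddress) {
    $templates[(ConvertTo-CanonicalIp $entry.ServerAddress)] = $entry
}

# Walk every adapter that is up, not only the connection edited in Settings.
$report = foreach ($adapter in Get-NetAdapter | Where-Object Status -eq 'Up') {
    foreach ($cfg in Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex) {
        foreach ($server in $cfg.ServerAddresses) {
            $doh = $templates[(ConvertTo-CanonicalIp $server)]
            [pscustomobject]@{
                Interface      = $adapter.Name
                DnsServer      = $server
                HasDohTemplate = [bool]$doh
                DohTemplate    = if ($doh) { $doh.DohTemplate } else { $null }
                FallbackToUdp  = if ($doh) { $doh.AllowFallbackToUdp } else { $null }
            }
        }
    }
}

$report | Format-Table -AutoSize

# Windows has no automatic DoH template for the servers counted here,
# for example a router or ISP resolver handed out by DHCP on another adapter.
$noTemplate = @($report | Where-Object { -not $_.HasDohTemplate })
if ($noTemplate.Count) {
    Write-Warning ("{0} configured resolver(s) have no DoH template" -f $noTemplate.Count)
}
```

The script does not read the per-connection DNS over HTTPS switch itself, so Cloudflare's test page remains the end-to-end confirmation. A resolver with `FallbackToUdp` set to True may still be queried in plain text if the encrypted query fails.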

Which DNS provider should you choose?

Cloudflare and Google are the most reliable options with the best performance for most users. Both support DNS over HTTPS and have fast response times.

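| Provider   | IPv4 Primary | IPv4 Secondary  | Privacy Focus                   |
|------------|--------------|-----------------|---------------------------------|
| Cloudflare | 1.1.1.1      | 1.0.0.1         | High (logs purged in 24 hours)  |
| Google     | 8.8.8.8      | 8.8.4.4         | Medium (some data retained)     |
| Quad9      | 9.9.9.9      | 149.112.112.112 | High (blocks malicious domains) |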

Cloudflare claims to purge all DNS logs within 24 hours and never sells data to advertisers. Quad9 adds malware blocking but may be slightly slower. Google's DNS is fast but the company retains some query data.

What this doesn't protect

DNS over HTTPS encrypts your domain lookups, but it's not a VPN. Your ISP can still see the IP addresses you connect to. Many large sites have unique IPs, so your ISP might still infer which services you use.

DoH also doesn't protect you from the websites themselves tracking your activity, or from malware on your device. It's one layer of privacy, not a complete solution.

Frequently Asked Questions

Will DNS over HTTPS slow down my internet?

Not noticeably. Modern DoH servers like Cloudflare are often faster than your ISP's default DNS. The encryption overhead is minimal.

Does this work on all Windows 11 versions?

Yes. DNS over HTTPS support was added in Windows 11 and is available in all versions. Windows 10 does not have native DoH support.

Can my employer still see my browsing if I enable this?

If you're on a corporate network, your company may use network monitoring that operates at a different level than DNS. DoH protects your DNS queries, but corporate firewalls can still inspect traffic.

Should I enable this on public Wi-Fi?

Especially on public Wi-Fi. Unencrypted DNS queries on shared networks are visible to anyone with the right tools. DoH prevents this snooping.

Is DNS over HTTPS the same as a VPN?

No. A VPN encrypts all your internet traffic and masks your IP address. DoH only encrypts DNS lookups. Your ISP can still see the IP addresses you connect to.
