While connected to the internet, everyone wants their data to be safe. DNS over HTTPS (DoH) is a feature in Windows 11 that encrypts DNS requests made by your computer. For improved online privacy and security while browsing or doing anything else online, Windows 11 offers DNS over HTTPS (DoH). This feature is disabled by default, and you must enable it to use it.
Related: How to Change Recycle Bin Storage Size in Windows 11
Is Encrypted DNS helpful for Privacy and Security?
Let’s look at an example to better understand DNS encryption. Assume you frequently visit a website with a specific domain name (such as google.com). Your computer sends a request to a Domain Name System (DNS) server when you try to access the domain name using any browser. After that, the DNS server receives the domain name and searches the list for a matching IP address. The DNS server returns the IP address to your computer once the domain name and corresponding IP address have been found. The computer then connects to that site using the IP address. Everything happens in the background, so you may not notice.
It’s also worth noting that the domain name retrieval process is usually done over an unencrypted network. A hacker can thus intercept the domain names of the websites you visit. The communications between your computer and the DNS server are encrypted when you use “DNS over HTTPS” (DoH). Intercepting your DNS requests to snoop on addresses or tampering with the responses from the DNS server you’re visiting is impossible. This is what makes DoH so appealing (DNS over HTTPS). I hope you now know what DoH is and why you need to enable it on your Windows 11 computer.
Which IP address we should use to enable “DNS over HTTPS” in Windows 11
Currently, Windows 11 only supports a limited number of free DNS services that are hard-coded into the operating system. Run the following command in Command Prompt to see the complete list:-
netsh dns show encryption
We’ve also compiled a comprehensive list of IP addresses for DoH. It is as follows:
For IP V4
- Google DNS Primary: 18.104.22.168
- Google DNS Secondary: 22.214.171.124
- Cloudflare DNS Primary: 126.96.36.199
- Cloudflare DNS Secondary: 188.8.131.52
- Quad9 DNS Primary: 184.108.40.206
- Quad9 DNS Secondary: 220.127.116.11
For IP V6
- Google DNS Primary: 2001:4860:4860::8888
- Google DNS Secondary: 2001:4860:4860::8844
- Cloudflare DNS Primary: 2606:4700:4700::1111
- Cloudflare DNS Secondary: 2606:4700:4700::1001
- Quad9 DNS Primary: 2620:fe::fe
- Quad9 DNS Secondary: 2620:fe::fe:9
You’ll need to select two pairs of DNS servers: primary and secondary, to enable DoH on your Windows 11 PC. It is expected that using the IP addresses listed above will improve your internet browsing speed. So, let’s get started with the configuration.
How to Enable DNS over HTTPS in Windows 11?
Follow these steps to configure DNS over HTTPS:-
- Press the Windows + I keys on your keyboard to open the Settings app.
- When the Windows Settings window appears, select Network & Internet from the left sidebar.
- On the “Network & internet” settings page, select “Wi-Fi” or “Ethernet” as your primary internet connection from the list.
- Next, select Hardware Properties from the drop-down menu.
- Now, next to the “DNS server assignment” option, click the Edit button.
- In the “Edit DNS settings” pop-up window, select Manual from the drop-down menu.
- Finally, turn the IPv4 switch to the On position.
- In the IPv4 section, in the “Preferred DNS” box, type the primary DNS server address you chose from the list above (for example, “18.104.22.168”). Then, in the “Alternate DNS” box, type the secondary DNS server address (for example, “22.214.171.124”). Then, from the drop-down menus for “Preferred DNS encryption” and “Alternate DNS encryption,” choose “Encrypted only (DNS over HTTPS).”
- When you’re finished, repeat the process for IPv6. To do so, first turn on the IPv6 switch, and then copy and paste the IP address combination from the list above. Finally, save your work by clicking the Save button.
Now go to the Wi-Fi or Ethernet page and scroll down. Your DNS servers will be listed with a “(Encrypted)” beside them.
That is all there is to it. Remove the Settings app from your device. All of your DNS requests on your Windows 11 PC will now be private and secure.