Every person wants to keep their data secured while connected to the internet. Windows 11 comes with DNS over HTTPS (DoH) feature to encrypt the DNS requests when your computer makes them. While browsing or doing anything else online for improved online privacy and security Windows 11 offers DNS over HTTPS (DoH). By default, this feature remains disabled, and you need to enable it to use.
Is Encrypted DNS helpful for Privacy and Security?
To understand the DNS encryption, let us see an example. Suppose you frequently visit a website using a domain name (such as google.com). When you try to access the domain name using any browser, your computer sends a request to a Domain Name System (DNS) server. After that, the DNS server receives the domain name and looks up the matching IP address in the list. Once the domain name and corresponding IP address are found, the DNS server sends the IP address back to your computer. Then computer uses the IP address to connect to that site. Everything goes in the background, so you might not be aware of this.
Further, one should note that this domain name fetching process usually happens unencrypted on the network. That means a hacker can intercept the domain names of the sites you are visiting. When you use “DNS over HTTPS” (DoH), the communications between your computer and the DNS server are encrypted. It is impossible to intercept your DNS requests to snoop on the addresses or tamper with the responses from the DNS server you’re visiting. This is the beauty of DoH (DNS over HTTPS). I hope now you understand what DoH is and why you need to turn it on on your Windows 11 PC.
Which IP address we should use to enable “DNS over HTTPS” in Windows 11
As of now, Windows 11 only works with a specific hard-coded list of free DNS services. you can see the complete list by running the following command in Command Prompt:-
netsh dns show encryption
We have also accumulated the complete IP address list that you can use for DoH. Here it is:-
For IP V4
- Google DNS Primary: 126.96.36.199
- Google DNS Secondary: 188.8.131.52
- Cloudflare DNS Primary: 184.108.40.206
- Cloudflare DNS Secondary: 220.127.116.11
- Quad9 DNS Primary: 18.104.22.168
- Quad9 DNS Secondary: 22.214.171.124
For IP V6
- Google DNS Primary: 2001:4860:4860::8888
- Google DNS Secondary: 2001:4860:4860::8844
- Cloudflare DNS Primary: 2606:4700:4700::1111
- Cloudflare DNS Secondary: 2606:4700:4700::1001
- Quad9 DNS Primary: 2620:fe::fe
- Quad9 DNS Secondary: 2620:fe::fe:9
To enable DoH in your Windows 11 PC, you’ll need to select two pairs of these DNS servers: primary and secondary. If you use above mentioned IP addresses, it is expected to improve your internet browsing speed. So, now proceed with the configuration part.
How to Enable DNS over HTTPS in Windows 11?
To set up DNS over HTTPS, perform the following steps:-
Step 1. First, open the Settings app by pressing
Step 2. Select the
Step 3. In the “Network & internet” settings page, click the name of your primary internet connection in the list, such as “Wi-Fi” or “Ethernet.”
Step 4. After that, click on
Step 5. Now, click the
Step 6. In the “Edit DNS settings” pop-up window, use the drop-down menu and select
Step 7. Then flip the
Step 8. In the IPv4 section, enter the primary DNS server address you chose from the selection above in the “Preferred DNS” box (such as “126.96.36.199”). Then, enter the secondary DNS server address in the “Alternate DNS” box (such as “188.8.131.52”). After that, select “Encrypted only (DNS over HTTPS)” from the drop-down menu of “Preferred DNS encryption” and “Alternate DNS encryption.”
Step 9. When you are done, you need to repeat the steps for IPv6. For that, flip IPv6 switch to “On” position and then copy and paste the combination of IP addresses from the list mentioned above. Finally, click the
Now, scroll down on the Wi-Fi or Ethernet page. You’ll see your DNS servers listed with an “(Encrypted)” beside each of them.
That’s it. Close the Settings app. From now, all of your DNS requests will be private and secure on your Windows 11 PC.