How to Enable DNS over HTTPS on Windows 11?

Everyone wants to keep their data secure while connected to the internet. Windows 11 includes a DNS over HTTPS (DoH) feature that encrypts the DNS requests your computer makes while you browse or do anything else online, improving your privacy and security. By default, this feature is disabled, and you need to enable it to use it.

Is Encrypted DNS helpful for Privacy and Security?

To understand DNS encryption, let us look at an example. Suppose you frequently visit a website using a domain name (such as google.com). When you try to access the domain name using any browser, your computer sends a request to a Domain Name System (DNS) server. The DNS server receives the domain name and looks up the matching IP address in its list. Once the domain name and corresponding IP address are found, the DNS server sends the IP address back to your computer. The computer uses the IP address to connect to that site. All of this happens in the background, so you might not be aware of it.

Note that this domain name lookup usually happens unencrypted on the network. That means a hacker can intercept the domain names of the sites you are visiting. When you use “DNS over HTTPS” (DoH), the communications between your computer and the DNS server are encrypted. It is then impossible to intercept your DNS requests to snoop on the addresses of the sites you’re visiting or to tamper with the responses from the DNS server. This is the beauty of DoH (DNS over HTTPS). I hope you now understand what DoH is and why you need to turn it on on your Windows 11 PC.

Which IP address should we use to enable “DNS over HTTPS” in Windows 11?

As of now, Windows 11 only works with a specific hard-coded list of free DNS services. You can see the complete list by running the following command in Command Prompt:

netsh dns show encryption

We have also compiled the complete IP address list that you can use for DoH. Here it is:

For IPv4

  • Google DNS Primary: 8.8.8.8
  • Google DNS Secondary: 8.8.4.4
  • Cloudflare DNS Primary: 1.1.1.1
  • Cloudflare DNS Secondary: 1.0.0.1
  • Quad9 DNS Primary: 9.9.9.9
  • Quad9 DNS Secondary: 149.112.112.112

For IPv6

  • Google DNS Primary: 2001:4860:4860::8888
  • Google DNS Secondary: 2001:4860:4860::8844
  • Cloudflare DNS Primary: 2606:4700:4700::1111
  • Cloudflare DNS Secondary: 2606:4700:4700::1001
  • Quad9 DNS Primary: 2620:fe::fe
  • Quad9 DNS Secondary: 2620:fe::fe:9

To enable DoH on your Windows 11 PC, you’ll need to select two pairs of these DNS servers, each with a primary and a secondary address: one pair for IPv4 and one for IPv6. Using the above-mentioned IP addresses is also expected to improve your internet browsing speed. Now, proceed with the configuration part.

How to Enable DNS over HTTPS in Windows 11?

To set up DNS over HTTPS, perform the following steps:

Step 1. First, open the Settings app by pressing the Windows + I keys on your keyboard.

Step 2. When Windows Settings opens, select Network & internet in the left sidebar.

Step 3. In the “Network & internet” settings page, click the name of your primary internet connection in the list, such as “Wi-Fi” or “Ethernet.”

Step 4. After that, click on Hardware properties.

Step 5. Now, click the Edit button beside the “DNS server assignment” option.

Step 6. In the “Edit DNS settings” pop-up window, use the drop-down menu and select Manual.

Step 7. Then flip the IPv4 switch to the On position.

Step 8. In the IPv4 section, enter the primary DNS server address you chose from the selection above in the “Preferred DNS” box (such as “8.8.8.8”). Then, enter the secondary DNS server address in the “Alternate DNS” box (such as “8.8.4.4”). After that, select “Encrypted only (DNS over HTTPS)” from the drop-down menu of “Preferred DNS encryption” and “Alternate DNS encryption.”

Step 9. When you are done, you need to repeat the steps for IPv6. For that, flip the IPv6 switch to the “On” position and then copy and paste the combination of IP addresses from the list mentioned above. Finally, click the Save button.

Now, scroll down on the Wi-Fi or Ethernet page. You’ll see your DNS servers listed with an “(Encrypted)” beside each of them.

That’s it. Close the Settings app. From now on, all of your DNS requests will be private and secure on your Windows 11 PC.
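
As a command-line cross-check of the result, the following PowerShell is an added example (not part of the original article) that lists every DNS server configured on the PC and reports whether Windows has a DoH template for it, using the built-in Get-DnsClientServerAddress and Get-DnsClientDohServerAddress cmdlets. The function name Get-DohCoverage and the helper ConvertTo-PlainIp are hypothetical names chosen for this example; the script only reads settings and changes nothing.

```powershell
# Added example (read-only): verify that every configured DNS server is one
# Windows knows a DoH template for. A server without a template can only be
# queried over plain, unencrypted DNS.

function ConvertTo-PlainIp {
    param([string]$Address)
    # Strip an IPv6 scope suffix such as "%12", then normalise the text form
    # so that equivalent spellings of the same address compare equal.
    $bare = ($Address -split '%')[0]
    return ([ipaddress]$bare).IPAddressToString
}

function Get-DohCoverage {
    # Index the DoH-capable servers known to Windows by normalised IP.
    # This is the same list that "netsh dns show encryption" prints.
    $known = @{}
    foreach ($entry in Get-DnsClientDohServerAddress) {
        $known[(ConvertTo-PlainIp $entry.ServerAddress)] = $entry
    }

    # Walk every adapter and address family (IPv4 and IPv6).
    foreach ($cfg in Get-DnsClientServerAddress) {
        foreach ($server in $cfg.ServerAddresses) {
            $match = $known[(ConvertTo-PlainIp $server)]
            [pscustomobject]@{
                Interface   = $cfg.InterfaceAlias
                Server      = $server
                DohCapable  = [bool]$match
                Template    = if ($match) { $match.DohTemplate } else { $null }
                UdpFallback = if ($match) { $match.AllowFallbackToUdp } else { $null }
            }
        }
    }
}

$coverage = Get-DohCoverage
$coverage | Format-Table -AutoSize

# Flag resolvers that cannot be encrypted, for example a router address left
# on one adapter or a mistyped secondary server.
$coverage | Where-Object { -not $_.DohCapable } | ForEach-Object {
    Write-Warning "$($_.Interface): $($_.Server) has no DoH template"
}
```

A server shown as DohCapable is eligible for the “Encrypted only” option; the “(Encrypted)” label in Settings remains the confirmation that the option is actually applied to that connection.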

Conclusion

In conclusion, DNS over HTTPS (DoH) is a valuable feature that comes with Windows 11, providing users with improved online privacy and security. By encrypting DNS requests, DoH prevents hackers from intercepting domain names and tampering with responses from DNS servers, which helps keep users’ browsing activities private. However, the feature is not enabled by default, and users must follow the steps outlined above to activate it. By selecting the appropriate primary and secondary DNS server addresses and enabling encryption, users can make their DNS requests secure and private. Overall, DoH is an essential tool that users should consider using to enhance their online security and privacy when using Windows 11.
