By default, your computer will use the DNS setup from your ISP. This will create a lot of problems, as your ISP will use local DNS servers, which will delay the loading of global websites that you access in the browser. In addition, the default DNS connection can also create security problems. Windows 11 has a built-in feature called DoH, or DNS over HTTPS, to improve the security of the network connection. In this article, we will explain how to enable DNS over HTTPS on Windows 11 computers.
How Does DNS Over HTTPS Improve Security?
When you enter a website address (called a host or domain name) in the browser’s address bar, your browser will use the default DNS setup to resolve the domain name to an IP address. Default DNS servers from the ISP use an unencrypted connection for finding the IP addresses of domains. This can create a problem, as anyone who intercepts the connection can spoof the IP address. To avoid this, you can use an encrypted DNS connection with DNS over HTTPS in Windows 11.
However, you should change the DNS to public servers to enable DoH in Windows. The best available options include using Google Public DNS or OpenDNS servers. The DNS setup needs a primary server and an alternate server to use when the primary server fails to resolve the domain. The IPv4 and IPv6 addresses for Google and OpenDNS are given below. You can use one set of these details in the DoH setup of your Windows 11 computer.
|Provider|IPv4 addresses|IPv6 addresses|
|---|---|---|
|Google Public DNS|8.8.8.8 and 8.8.4.4|2001:4860:4860::8888 and 2001:4860:4860::8844|
|OpenDNS|208.67.222.222 and 208.67.220.220|2620:119:35::35 and 2620:119:53::53|
Enable DNS Over HTTPS in Windows 11
There are a few ways to change the DNS setup in Windows 11. Basically, you need to edit the properties of the current wireless network connection and configure it to use the public DNS servers instead of the details provided by your ISP.
- Press “Win + I” to open the Windows Settings app and navigate to the “Network & internet” section.
- Scroll to the bottom of the right pane and click on the “Advanced network settings” option.
- Click on your currently connected Wi-Fi network and select the “View additional properties” option.
- By default, the “DNS server assignment” will show “Automatic (DHCP)”. To change the DNS settings, click the “Edit” button.
- Select the “Manual” option from the dropdown and turn on the IPv4 switch.
- Enter the “Preferred DNS” and “Alternate DNS” server IP addresses from the above table. For example, you should enter 8.8.8.8 as the preferred DNS and 8.8.4.4 as the alternate DNS server.
- As you can see, the default setting for “Preferred DNS encryption” is “Unencrypted only”, which you cannot change. However, when you enter the IP address, the “Preferred DNS encryption” box will open for editing. Select the “Encrypted only (DNS over HTTPS)” option for both the preferred and alternate DNS encryption options.
- Similarly, enable IPv6 and enter the preferred and alternate DNS servers from the above table. After entering the IP addresses, you can change the encryption to “Encrypted only (DNS over HTTPS)” for both the preferred and alternate servers for IPv6.
- Finally, save the changes. You will now see the details under the “DNS server assignment” section.
- From now on, your computer will use DNS over a secured HTTPS connection whenever you browse websites.
You can also configure the DNS under the “Windows Settings > Network & internet > Wi-Fi > Hardware properties” section. This opens the same DNS server assignment page in Windows 11, where you can click the “Edit” button to configure the servers as explained above.
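The “Preferred DNS encryption” box only opens for editing when Windows has a DoH template for the server address you typed. The following PowerShell check is an added example, not part of the original article: it lists the DNS servers on each connected adapter and reports whether Windows has a DoH template for them. The function name `Get-DohCoverage` and the report column names are hypothetical; the cmdlets are the standard Windows 11 networking cmdlets.

```powershell
# Added example: read-only audit of DoH availability for the configured DNS servers.
# Run in PowerShell on Windows 11. It changes no settings.

function Get-DohCoverage {
    # Resolvers for which Windows has a DoH template, keyed by normalized IP.
    $known = @{}
    foreach ($entry in Get-DnsClientDohServerAddress) {
        $key = ([ipaddress]$entry.ServerAddress).ToString()
        $known[$key] = $entry
    }

    # Walk the DNS servers of every adapter that is currently connected.
    foreach ($adapter in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        foreach ($config in (Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex)) {
            foreach ($server in $config.ServerAddresses) {
                $ip  = [ipaddress]$server
                $doh = $known[$ip.ToString()]
                [pscustomobject]@{
                    Interface    = $adapter.Name
                    Family       = if ($ip.AddressFamily -eq 'InterNetworkV6') { 'IPv6' } else { 'IPv4' }
                    Server       = $server
                    DohAvailable = [bool]$doh
                    DohTemplate  = if ($doh) { $doh.DohTemplate } else { $null }
                    UdpFallback  = if ($doh) { $doh.AllowFallbackToUdp } else { $null }
                }
            }
        }
    }
}

$report = @(Get-DohCoverage)
$report | Format-Table -AutoSize

# Windows offers the encryption options only for servers that have a DoH template,
# so any server listed here is still being queried without encryption.
$gaps = @($report | Where-Object { -not $_.DohAvailable })
if ($gaps.Count -gt 0) {
    $list = ($gaps.Server | Sort-Object -Unique) -join ', '
    Write-Warning ("{0} configured DNS server(s) have no DoH template: {1}" -f $gaps.Count, $list)
}
```

The report shows whether encryption can be selected for each server; the “Encrypted only” choice itself is still the one you made per adapter in Settings. A router or ISP address that appears here with `DohAvailable` set to `False` usually means the adapter is still on “Automatic (DHCP)”.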
Caution Using IPv6
You may find that some websites do not load or some apps stop working after changing to DoH. In this case, disable the IPv6 option in the DNS setup so that it will only use the IPv4 connection. You can also check whether your current setup uses IPv6 by scrolling down on the Wi-Fi properties settings page. If your current setup does not use IPv6, then make sure you are not using IPv6 in the manual configuration and only use IPv4. In addition, you can use the “Encrypted preferred, unencrypted allowed” option for DNS encryption to allow both encrypted and unencrypted connections. However, this may reduce your security level compared to using the DoH-only option.