If you want to secure your data while using the internet, you should use DNS over HTTPS (DoH) feature in Windows 11 to encrypt the DNS requests when your computer makes them. While browsing or doing anything else online for improved online privacy and security, Windows 11 includes DNS over HTTPS (DoH) feature. By default, this feature remains turned off, and you need to turn it on in order to use it.
Is Encrypted DNS helpful for Privacy and Security?
To understand the DNS encryption, let us see an example. Suppose you frequently visit a website using a domain name (such as growupwindows.com). When you try to access the domain name using any browser, your computer sends a request to a Domain Name System (DNS) server. After that, the DNS server receives the domain name and looks up the matching IP address in the list. Once the domain name and corresponding IP address are found in the database, the DNS server sends the IP address back to your computer. Then computer uses the IP address to connect to that site. Everything goes in the background, so that you might be unaware of this.
Further, you should note that this domain name fetching process typically happens unencrypted on the network. That means a hacker can intercept the domain names of the sites you visit. When you use the “DNS over HTTPS” feature, the communications between your computer and the DNS server are encrypted. It is impossible to intercept your DNS requests to snoop on the addresses or tamper with the responses from the DNS server you’re visiting. This is the beauty of DoH (DNS over HTTPS). I hope you understand what DoH is and why you should enable it on your Windows 11 PC.
Which IP address we should use to enable “DNS over HTTPS” in Windows 11
Currently, Windows 11 only works with a specific hard-coded list of free DNS services. you can see the complete list by running the following command in Command Prompt:-
netsh dns show encryption
We have also accumulated the complete IP address list you can use for DoH. Here it is:-
For IP V4
- Google DNS Primary: 18.104.22.168
- Google DNS Secondary: 22.214.171.124
- Cloudflare DNS Primary: 126.96.36.199
- Cloudflare DNS Secondary: 188.8.131.52
- Quad9 DNS Primary: 184.108.40.206
- Quad9 DNS Secondary: 220.127.116.11
For IP V6
- Google DNS Primary: 2001:4860:4860::8888
- Google DNS Secondary: 2001:4860:4860::8844
- Cloudflare DNS Primary: 2606:4700:4700::1111
- Cloudflare DNS Secondary: 2606:4700:4700::1001
- Quad9 DNS Primary: 2620:fe::fe
- Quad9 DNS Secondary: 2620:fe::fe:9
To enable DoH in your Windows 11 PC, you’ll need to select two pairs of these DNS servers: primary and secondary. If you use above mentioned IP addresses, it is expected to improve your internet browsing speed. So, now proceed with the configuration part.
How to Enable DNS over HTTPS in Windows 11?
To set up DNS over HTTPS on Windows 11, use these steps:-
Step 1. First, open the Settings app.
To do that, use the
Step 2. In the Settings window, click the
Step 3. Then, click the name of your primary internet connection in the list, such as “Wi-Fi” or “Ethernet.”
Step 4. Next, click on
Step 5. Now, click the
Step 6. In the “Edit DNS settings” pop-up, use the drop-down menu and select the
Step 7. Next, flip the
Step 8. In the IPv4 section, enter the primary DNS server address you want to use as the “Preferred DNS,” such as “18.104.22.168”. Then, enter the secondary DNS server address in the “Alternate DNS” box, such as “22.214.171.124.” After that, select the “Encrypted only (DNS over HTTPS)” option in the drop-down menu “Preferred DNS encryption” and “Alternate DNS encryption.”
Step 9. When you’re done, you need to repeat the steps for IPv6. For that, flip the IPv6 switch to the “On” position and copy and paste the combination of IP addresses from the above-mentioned list. Finally, click the
Now, scroll down on the Wi-Fi or Ethernet page. You’ll see your DNS servers listed with “(Encrypted)” beside each DNS server address.
You can now close the Settings app. From now, all of your DNS requests will be private and secure on your Windows 11 PC.