1 How to Enable DNS over HTTPS (DoH) on Windows 112 The Best Free DNS Servers for Windows 113 How to Change DNS Server in Windows 11 and Windows 104 How to Perform a Windows Network Reset to Fix DNS Issues
What is DoH and what´s the difference to DNS over TLS? DNS over HTTPS (DoH), is a protocol introduced in 2018 that seeks to hide DNS queries and responses passing the traffic through an encrypted HTTPS session. In doing so, it both improves user privacy and prevents attackers from spoofing or altering DNS traffic for malicious purposes. It’s important to note that DNS over HTTPS is not the same as DNS over TLS (DoT). Though they provide similar encryption and are both encrypted, they differ in a key aspect: the port they use. DoT uses a dedicated port, 853, while DoH uses port 433. Why does the port matter? Though DoT is encrypted, an admin watching the network can see that requests are coming and going, even if it would be a struggle to see their contents because of encryption. DoH, however, uses the same port as all other HTTPS traffic, such as web browsing. It’s camouflaged within the massive amounts of HTTPS data flowing in and out of the network. This is good if you’re looking for privacy, as it makes it difficult for network admins to maintain visibility. It can be a bad thing for network managers, though, as it makes it more difficult for them to block malicious DNS queries. Which browsers support DNS-over-HTTPS? Due to its relative newness, not every browser has specific support for DNS over HTTPS at the time of writing. This functionality allows you to force your browser to use DNS over HTTPS separately from the rest of your operating system and applications. Most major browsers do, however, including:
Chrome (Version 83+) Microsoft Edge (Version 86+) Firefox (Version 62+) Bromite (Version 67.0.3396.88+)
Several other tools with DoH support, as well as a list of publicly available DoH servers, are listed on this GitHub. With all that said, let’s take a look at how to change your DNS in Windows 11 and use DNS over HTTPS:
How to Enable DNS over HTTPS (DoH) on Windows 11
The Best Free DNS Servers for Windows 11
Now that you know how to enable DNS over HTTPS in Windows 11, you may want to explore more Windows 11 DNS options. Different DNS services offer different features and performance, with the closest servers to you typically delivering the lowest ping.
You should set your DNS to a public DNS provider. In our case, we chose Quad9, with the IP address 9.9.9.9. You’ll find more options in the section below.
Note: You only need to choose either IPv4 or Ipv6, not both.
Here are some of the best free Windows DNS over HTTPS options. We’ll present them in the “IPv4/Alternate IPv4 | IPv6/Alternate IPv6” format:
Open DNS: 208.67.222.222/208.67.220.220 | 2620:119:35::35/2620:119:53::53 Owned by networking giant Cisco, OpenDNS is fas, secure, and offers an additional “Family Shield” option for those who have kids. Cloudflare: 1.1.1.1/1.0.0.1 | 2606:4700:4700::1111/2606:4700:4700::1001 Cloudflare is best known for its DDoS protection/CDN technology, but it also introduced a free DNS service in 2018. As well as claiming to be the “fastest DNS resolver on earth”, Cloudflare DNS has built-in security, including DDoS mitigation and DNSSEC. It also offers its DNS for mobile via an app called 1.1.1.1 Warp. Still, its primary advantage is being incredibly easy to remember. Google DNS: 8.8.8.8/8.8.4.4 | 2001:4860:4860::8888/2001:4860:4860::884 Google DNS for IPv6 and IPv4 has been around for a very long time and benefits from both Google’s extensive global infrastructure and easy-to-remember IPv4 addresses. Some, however, have privacy concerns due to it being owned by one of the biggest ad firms in the world. Quad9: 9.9.9.9/149.112.112.112 | 2620:fe::fe/2620:fe::9 Quad9 is a Swiss company focused on making the internet a more private and secure place. Its major feature is its ability to block malware, phishing, and spyware websites through a regularly maintained list. It also claims that no data containing your IP address is ever logged. Uncensored DNS: 91.239.100.100/91.239.100.100 | 2001:67c:28a4::/2001:67c:28a4:: If you don’t trust any company to have your best interests at heart, uncensored DNS could be a good bet. Run entirely by a private individual, Danish ISP admin Thomas Steen Rasmussen, it is free from corporate interests. The service is run with Rasmussen’s own money as a private individual. As the name suggests, it removes DNS-based website censorship, but it also does not log any personal information.
You can test the speed of different Windows DNS providers from your location by using a tool such as GRC.
How to Change DNS Server in Windows 11 and Windows 10
If you’re just looking to change DNS server, and not enable DNS over HTTPS, you may be better served our existing guide. It’s designed for Windows 10, but the Control Panel should be identical for windows 11.
How to Perform a Windows Network Reset to Fix DNS Issues
If you’re having problems with DNS resolution, whether it be after following this guide or randomly, you can try to perform a full Windows 10/Windows 11 Network reset by following our dedicated tutorial. This will reset your DNS settings to their default state.
