Microsoft has added the DNS over HTTPS (DoH) feature to enhance security and privacy on Windows 11. With this new feature, Windows 11 users will not have their internet activities tracked.
When you connect to a website or server on the internet, your computer must query a domain name system (DNS) server for the IP address associated with the hostname.
DoH allows your computer to perform these DNS lookups over an encrypted HTTPS connection rather than through normal plaintext DNS lookups. Thanks to that, internet providers (ISPs) and tracking agencies cannot get hold of your information.
DoH even helps users access blocked websites by monitoring DNS traffic.
Microsoft has launched DoH through the Windows 10 20185 build for users participating in the Windows Insider Program for testing purposes. However, they removed it after the next few builds.
Now, on Windows 11, Microsoft has re-enabled DoH and users can experience it right away on the Windows 11 Insider Preview version.

How to turn on DNS over HTTPS Windows 11
First, to experience DoH on Windows 11, you must install Windows 11 Insider Preview first. You can refer to how to join the Windows Insider Program to experience Windows 11 Insider Preview in the article below:
Then, you enable DoH on Win 11 by following these steps:
- Access Settings by pressing Windows + I or press Start then press Settings
- You find settings Network & Internet
- Here, you click WiFi or Ethernet Depending on your needs, then choose Edit in section DNS server assignment. With a WiFi network you will probably find it DNS server assignment in section Hardware properties
- On the new window, click on the drop-down menu below Edit DNS settings then select Manual
- You flip the button IPv4 from Off luxurious On then enter a DNS you like in the box Preferred DNS (example 1.1.1.1)
- Once you've filled it out, box Preferred DNS encryption below will be enabled for you to choose the encryption method you want. These include:
- Unencrypted only – Use standard unencrypted DNS
- Encrypted only (DNS over HTTPS) – Use only DoH servers
- Encrypted preferred, unencrypted allowed – Attempts to use DoH server but if not available will fall back to using standard unsecured DNS encryption
- You choose a DNS security method then click Save
- Additionally, you can also add a backup DNS in the section Alternate DNS encryption. Of course, you can also choose a security method for DNS backup.
DNS servers have DoH support on Windows 11
At this time, Microsoft says the following DNS servers support DoH and can be used automatically by Windows 11's DNS over HTTPS feature:
- Cloudflare: 1.1.1.1 and 1.0.0.1
- Google: 8.8.8.8 and 8.8.8.4
- Quad9: 9.9.9.9 and 149.112.112.112
How to check if DNS over HTTPS has been configured on Windows 11
To check if DNS over HTTPS has been configured on your Windows 11 or not, you can use the following commands:
With netsh:
netsh dns show encryption
With PowerShell:
Get-DnsClientDohServerAddress
Microsoft also allows administrators to create their own DoH servers with the following commands:
With netsh:
netsh dns add encryption server=[resolver-IP-address] dohtemplate=[resolver-DoH-template] autoupgrade=yes udpfallback=no
With PowerShell:
Add-DnsClientDohServerAddress -ServerAddress '[resolver-IP-address]' -DohTemplate '[resolver-DoH-template]' -AllowFallbackToUdp $False -AutoUpgrade $True
Manage DoH through Group policies
Microsoft also added the ability to manage Windows 11 DNS over HTTPS settings via Group policies. Microsoft has added a policy called “Configure DNS over HTTPS (DoH) name resolution” under Computer Configuration > Administrative Templates > Network > DNS Client.
- First, open Group policies by pressing Start and typing gpedit.msc then press Enter. Note, Group policies do not support Windows 11 Home edition
- Then you access Computer Configuration > Administrative Templates > Network > DNS Client
- Find Configure DNS over HTTPS (DoH) name resolution in the right box and then double-click it
- Here, you can enable/disable or configure DoH
Wish you success!