When you type a URL in the address bar and hit enter, the first thing the browser does is issue a DNS query to find out where the website lives. Traditionally, DNS queries are sent over the internet in cleartext, which opens the door to tracking and spoofing and puts your data at risk.
There are many devices between your computer and the DNS server. The information that travels through these devices, called on-path routers, can be recorded and used to build a profile of you: a record of every website you look up. That data is valuable and can be sold to companies with a lot of money.
What's worse than tracking is spoofing. If any of those servers acts as a malicious man in the middle, it can spoof the reply and hand you the wrong address, one pointing to a site that could steal your credentials, instead of the website you actually asked for.
The answer to this is DNS over HTTPS, a protocol that performs DNS name resolution over HTTPS, encrypting the traffic between the user and the DNS resolver.
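To make the protocol concrete, here is an added example (not part of the original post) that builds a DNS query in wire format, packs it into an RFC 8484 style DoH GET request, and decodes the A records from the answer; the resolver URL is an assumption (Cloudflare's public DoH endpoint) and the sample response is constructed so the parsing can be tried offline.

```python
import base64
import struct
import urllib.request

# Assumed resolver endpoint (Cloudflare's public DoH service); not taken from the post.
DOH_URL = "https://cloudflare-dns.com/dns-query"

def build_query(name: str, qtype: int = 1) -> bytes:
    """Minimal DNS wire-format query: header plus one IN question; ID 0 per RFC 8484 so it is cacheable."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)   # flags: RD=1; QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def doh_get_url(name: str, base: str = DOH_URL) -> str:
    """GET form of a DoH request: the query goes in the 'dns=' parameter as unpadded base64url."""
    q = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return f"{base}?dns={q}"

def _skip_name(msg: bytes, pos: int) -> int:
    """Advance past a domain name in a DNS message, handling compression pointers."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if (length & 0xC0) == 0xC0:        # compression pointer is 2 bytes and ends the name
            return pos + 2
        pos += length + 1

def parse_a_records(msg: bytes) -> list:
    """Return the IPv4 addresses found in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:           # type A, 4-byte RDATA
            addrs.append(".".join(str(b) for b in msg[pos:pos + 4]))
        pos += rdlen
    return addrs

# Constructed sample response for example.com answering 192.0.2.1 (a documentation address).
SAMPLE_RESPONSE = (b"\x00\x00\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\xc0\x00\x02\x01")

def resolve(name: str) -> list:
    # Live lookup over HTTPS: the query and answer are inside TLS, not visible to on-path routers.
    req = urllib.request.Request(doh_get_url(name), headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_a_records(resp.read())
```

Calling `resolve("example.com")` performs the encrypted lookup; `parse_a_records(SAMPLE_RESPONSE)` shows the decoding without any network.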
Enable DNS over HTTPS on Windows 10
To enable DoH system-wide on Windows 10, you first need to make a small registry tweak: add a 32-bit DWORD value named EnableAutoDOH in the following location and set its value to 2.
Then set the DNS server address in your network adapter's IPv4 properties to one of the following public DNS servers.
- Cloudflare – 22.214.171.124 or 126.96.36.199
- Google DNS – 188.8.131.52 or 184.108.40.206
- Quad9 – 220.127.116.11
Enable DNS over HTTPS in Microsoft Edge Chromium
The new Edge Chromium has this feature built in. If you cannot change the network properties on your computer, you can still make sure the feature is enabled and set up correctly in Edge Chromium to get a secure, more private surfing experience.
Go to edge://settings/privacy, scroll down to the Security section, and make sure the Use secure DNS option is checked and enabled. You should also select Choose a service provider and pick one of the four available public and secure DNS providers.
Changes made here take effect immediately. No need to save or anything. Just set and go.
Note that the setting might only be available in version 87, via the Dev channel. So if you are still on the official channel with version 85, you may have to enable the Secure DNS lookups flag to be able to use DoH.
Since Edge Chromium shares the same engine as the Google Chrome browser, you can enable and verify DNS over HTTPS in Chrome as well.
Go to chrome://settings/security?search=dns and enable Use secure DNS similar to above.
To verify you are DoH ready
You can't be sure it works without confirming it. To verify that your computer or browser is capable of resolving DNS in a secure way, head over to Cloudflare's Browsing Experience Security Check page and click the Check My Browser button.
If you see a green check mark next to DNSSEC, you are all set.