How To Enable DNS over HTTPS (DoH) on Windows 10 or Edge Chromium

7

When you type a URL in the address bar and hit enter, the first thing the browser does is to do a DNS query to find where the website is. Traditionally speaking, DNS queries are sent over the internet in cleartext, which could very well lead to tracking and spoofing vulnerabilities that put your data at risk.

There are many servers in between your computer and the DNS server. Information travels through these servers, called on-path routers, can be tracked and used to create a profile of you with a record of all the websites that you look up. And that data is valuable and can be sold to other companies with a lot of money.

What’s worse than tracking is spoofing. If any of the servers act as a bad man in the middle, they can spoof you a wrong address for a site that could potentially steal your credentials, instead of serving you a right website you were asking for.

The answer to this is DNS over HTTPS, a protocol that performs DNS name solving via the HTTPS protocol, encrypting the data between the user and a DNS resolver.

DoH illustration 2 600x374 - How To Enable DNS over HTTPS (DoH) on Windows 10 or Edge Chromium
Picture via Chromium Blog

Enable DNS over HTTPS on Windows 10

To enable DOH system-wide on Windows 10, you first need to make a small registry tweak, adding a DWORD32 value called EnableAutoDOH in the following location and set its value to 2.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

And then set the DNS server address in your Network Adapter IP 4 protocol as one of the following public DNS.

  • Cloudflare – 1.1.1.1 or 1.0.0.1
  • Google DNS – 8.8.8.8 or 8.8.4.4
  • Quad9 – 9.9.9.9
image 3 - How To Enable DNS over HTTPS (DoH) on Windows 10 or Edge Chromium

Enable DNS over HTTPS in Microsoft Edge Chromium

The new Edge Chromium has this feature built-in. If you are out of luck changing network properties on your computer, you can make sure the feature is enabled and set up right in Edge Chromium to still have a secure, more private surfing experience.

Go to edge://settings/privacy, scroll down to the Security section, and make sure the Use secure DNS option is checked and enabled. You also should select Choose a service provider and pick one of 4 available public and secure DNS providers.

image 4 600x270 - How To Enable DNS over HTTPS (DoH) on Windows 10 or Edge Chromium

Changes made here take effect immediately. No need to save or anything. Just set and go.

Note that the setting might only be available in version 87, via the Dev channel. So if you are still on the official channel in version 85, you may have to enable the Secure DNS lookups flag to be able to use DoH.

edge://flags/#dns-over-https

image 7 600x222 - How To Enable DNS over HTTPS (DoH) on Windows 10 or Edge Chromium

Since Edge Chromium shares the same engine as Google Chrome browser, you can enable and make sure DNS over HTTPS in Chrome as well.

Go to chrome://settings/security?search=dns and enable Use secure DNS similar to above.

image 5 600x299 - How To Enable DNS over HTTPS (DoH) on Windows 10 or Edge Chromium

To verify you are DOH ready

Things won’t go right without confirming it. To verify your computer or browser is capable of resolving DNS in a secure way, head over Cloudflare’s Browsing Experience Security Check page and click the Check My Browser button.

If you see a green check mark next to DNSSEC, you are all set.

image 6 600x222 - How To Enable DNS over HTTPS (DoH) on Windows 10 or Edge Chromium

7 COMMENTS

  1. Thanks Kent, I was unaware the option even existed. I can’t resist using D’oh!

    It must be pretty new to Edge Chromium, it wasn’t in the version I was using.

    Also, not sure if it was intentional, but your article title says HTTP and not HTTPS.

    • Glenn, thanks for bringing them up. It’s definitely unintentional. It should be HTTPS everywhere we go. 🙂

      You are right. It appears in my Dev channel version. I’ve updated the post so others would notice.

  2. Allright, Kent Chen Ching Chong Walabala Bing Bang. None of these steps provided above did any good nor help me to get Doh up n running.

LEAVE A REPLY

Please enter your comment!
Please enter your name here