How to Activate DNS-over-HTTPS, or DoH, in Windows 10

Even when we visit a web page over HTTPS and our data travels encrypted, the traditional requests we make to the DNS server are sent in plain text, without encryption. This lets large companies and Internet providers keep track of the websites we visit, which makes it one of the biggest data leaks when we surf the net. Luckily, the weakest points of our connections are gradually being shielded, and DNS-over-HTTPS closes this one.

DNS-over-HTTPS, or DoH, is a protocol designed to send DNS requests over HTTPS, that is, with encryption. To use it, the software we use (for example, the browser or another program) must support the protocol, and so must our DNS server. If either requirement is not met, requests continue to work as usual, unencrypted.

Activate DNS-over-HTTPS, or DoH, in Windows 10

Google Chrome and Firefox, for example, are browsers that support this protocol, at least experimentally. Until now, however, nothing we did outside the browser could take advantage of this privacy measure.

Requirements to enable DNS-over-HTTPS in Windows 10

The first thing to do is make sure Windows 10 is updated to at least build 19628, since DoH support was added in this build. On an earlier build of the operating system, DNS-over-HTTPS will not be available.

To check the build installed on our PC, we run the “winver” command from the search box or from a Windows Run window, and check the “version” section in the window that opens.

[Image: checking the Windows 10 build number]

In addition, we need to configure a DNS server compatible with this protocol in Windows. The DNS servers currently compatible with DoH are the following:

Server      IPv4               IPv6
Google      8.8.8.8            2001:4860:4860::8888
            8.8.4.4            2001:4860:4860::8844
Cloudflare  1.1.1.1            2606:4700:4700::1111
            1.0.0.1            2606:4700:4700::1001
Quad9       9.9.9.9            2620:fe::fe
            149.112.112.112    2620:fe::fe:9

Change DNS in Windows 10

To change the DNS in Windows 10, we first open the Settings menu of the operating system and go to the “Network and Internet > Status” section. Here we locate the connection we are using and open its properties panel by clicking the corresponding button.

[Image: network properties in Windows 10 Settings]

Within this new panel we will find a section called “IP Configuration”. We click the “Edit” button and edit the IP settings manually.

[Image: editing the network IP settings in Windows 10]

We must make sure to enter any of the DNS servers from the previous section as primary and secondary. Ideally, both should be compatible with DoH, so that communications with the server are always encrypted.

[Image: configuring secure DNS servers with DNS-over-HTTPS in Windows 10]

Once these DNS servers are entered, we are ready to start browsing safely in Windows. First, however, we have to activate the function, which is deactivated by default.

Enable DNS-over-HTTPS in Windows

To activate this feature in Windows 10 we must make a simple change in the operating system registry. First we run the “regedit” command from the Windows 10 search bar, or from a Run window, and navigate to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

Here we create a new 32-bit DWORD value and name it “EnableAutoDoh”. Once it is created, we edit it by double-clicking on it and assign the value “2” to activate it.

[Image: enabling DoH in regedit on Windows 10]

We restart the computer and voila. When it turns on again, Windows 10 will be resolving names through DNS-over-HTTPS. Before we start trusting it, though, we have to check that it works.
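
The build check, the DNS server check and the registry change from the sections above can also be done from an elevated PowerShell session. This script is an added example, not part of the original article; the resolver list, the minimum build and the registry value are the ones given on this page, and the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): checks the prerequisites
# from this page, then sets EnableAutoDoh = 2.

# DoH-capable resolvers, copied from the table in this article.
$DohServers = @(
    '8.8.8.8', '8.8.4.4', '2001:4860:4860::8888', '2001:4860:4860::8844',
    '1.1.1.1', '1.0.0.1', '2606:4700:4700::1111', '2606:4700:4700::1001',
    '9.9.9.9', '149.112.112.112', '2620:fe::fe', '2620:fe::fe:9'
)
$MinBuild = 19628
$RegPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'

# 1. Build check: the same build number that winver displays.
$build = [System.Environment]::OSVersion.Version.Build
if ($build -lt $MinBuild) {
    throw "Build $build is older than $MinBuild; DoH is not available."
}

# 2. List resolvers on connected adapters that are NOT in the DoH list.
#    Queries sent to those servers would remain unencrypted.
$upIndexes = (Get-NetAdapter | Where-Object Status -eq 'Up').ifIndex
$plainResolvers = Get-DnsClientServerAddress |
    Where-Object { $upIndexes -contains $_.InterfaceIndex } |
    ForEach-Object { $_.ServerAddresses } |
    Where-Object { $DohServers -notcontains $_ } |
    Sort-Object -Unique
if ($plainResolvers) {
    Write-Warning "Not DoH-capable: $($plainResolvers -join ', ')"
}

# 3. Create or overwrite the 32-bit DWORD described in the article.
New-ItemProperty -Path $RegPath -Name 'EnableAutoDoh' `
    -PropertyType DWord -Value 2 -Force | Out-Null

# 4. Read the value back to confirm the write.
$value = (Get-ItemProperty -Path $RegPath -Name 'EnableAutoDoh').EnableAutoDoh
Write-Output "EnableAutoDoh = $value. Restart the computer to apply it."
```

A warning in step 2 usually means the adapter still uses the router or ISP resolver assigned by DHCP, so the DNS servers have not yet been changed on that connection.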

Check if DoH is activated

With this feature activated in Windows 10 and a DNS server compatible with the DNS-over-HTTPS protocol configured, we have everything necessary to start browsing safely, without compromising our privacy.

However, DNS requests are normally invisible, and we cannot see or control them. The ideal would be to use sniffer software to capture all the packets on our network and see whether DNS requests are being sent in plain text or are all encrypted. However, this is a very advanced task, and surely not necessary.

We can use an online security checker, like the one offered by Cloudflare, to confirm that all DNS requests made from our computer go through this secure protocol. The section that interests us for checking the operation of DNS-over-HTTPS is “Secure DNS”.

[Image: DoH enabled and working in Windows 10]
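
Short of a full packet capture, a local check can show whether the Windows DNS client has an HTTPS session open to one of the resolvers listed earlier. This PowerShell is an added example, not part of the original article; it assumes the DoH connection is owned by the process hosting the DNS Client service (Dnscache), and example.com is a constructed test name.

```powershell
# Added example (not from the original article): local check that lookups
# leave the machine over HTTPS. Assumes the DNS Client service (Dnscache)
# process owns the DoH connection.

# DoH-capable resolvers, copied from the table in this article.
$DohServers = @(
    '8.8.8.8', '8.8.4.4', '2001:4860:4860::8888', '2001:4860:4860::8844',
    '1.1.1.1', '1.0.0.1', '2606:4700:4700::1111', '2606:4700:4700::1001',
    '9.9.9.9', '149.112.112.112', '2620:fe::fe', '2620:fe::fe:9'
)

# Process ID of the svchost instance that hosts the DNS Client service.
$dnsPid = (Get-CimInstance Win32_Service -Filter "Name='Dnscache'").ProcessId

# Empty the cache and resolve a name so the service must contact a resolver.
Clear-DnsClientCache
Resolve-DnsName -Name 'example.com' -Type A -DnsOnly | Out-Null

# Established TCP/443 sessions from the DNS Client service to a DoH resolver.
$doh = Get-NetTCPConnection -RemotePort 443 -State Established `
        -OwningProcess $dnsPid -ErrorAction SilentlyContinue |
    Where-Object { $DohServers -contains $_.RemoteAddress }

if ($doh) {
    # Evidence that the DNS client is talking HTTPS to a listed resolver.
    $doh | Select-Object RemoteAddress, RemotePort, State
} else {
    Write-Warning ('No HTTPS session from the DNS Client service to a ' +
        'listed resolver; lookups may still be using port 53.')
}
```

This only shows that an HTTPS session to a resolver exists; a capture filtered on port 53 is still the way to prove that no plain-text queries leave the machine.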

Using DNS-over-HTTPS does not bring any inconvenience for our computer, only advantages: the same performance and the same compatibility, plus greater security and privacy for our connections. Therefore, whenever possible, it is advisable to use this protocol.