Table of contents
- DNS over HTTPS: what it is and how it works
- What is the purpose of DNS over HTTPS
- Security and privacy benefits of DNS over HTTPS
- Drawbacks of using DNS over HTTPS
- How to set up and use DNS over HTTPS in Windows 11
In recent years, network and internet security and privacy have become critical concerns for all users. Every time we browse online, our device sends resolution requests to DNS servers to translate the names of the websites we visit into their corresponding IP addresses. However, the traditional Domain Name System does not provide encryption, making these requests visible to third parties.
DNS over HTTPS (DoH) is an innovative solution that enhances browsing security by encrypting DNS queries with HTTPS.
This article explores what the DNS over HTTPS model is, its benefits and drawbacks, and how to configure DNS over HTTPS in Windows 11 for a safer browsing experience.
DNS over HTTPS: what it is and how it works
DNS over HTTPS (DoH) is a protocol that integrates traditional DNS resolution with HTTPS encryption. Instead of sending unprotected requests, DoH uses encrypted communication to obscure queries from external observers, protecting users from attacks and surveillance.
With DoH, DNS queries are encrypted and transmitted through HTTPS, preventing ISPs, governments, or hackers from monitoring the domains visited. This system was introduced by Google and Mozilla in 2018 and later integrated into Windows 11 and other operating systems.
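As an added illustration (not part of the original article), the PowerShell function below builds the request a DoH client sends under RFC 8484: an ordinary DNS wire-format query, base64url-encoded into the `dns` parameter of an HTTPS GET. The function name `New-DohGetUri` and the Cloudflare endpoint URL are assumptions chosen for the example; nothing is sent on the network.

```powershell
# Added example: build the RFC 8484 GET request for a name. Runs offline.
function New-DohGetUri {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$Template = 'https://cloudflare-dns.com/dns-query',  # assumption: Cloudflare's DoH endpoint
        [uint16]$QType = 1                                            # 1 = A record
    )
    $msg = [System.Collections.Generic.List[byte]]::new()

    # DNS header (12 bytes): ID=0 (RFC 8484 recommends 0 so HTTP caches can reuse
    # responses), flags=0x0100 (recursion desired), QDCOUNT=1, other counts 0.
    $msg.AddRange([byte[]](0,0, 1,0, 0,1, 0,0, 0,0, 0,0))

    # QNAME: each label prefixed by its length, terminated by a zero byte.
    foreach ($label in $Name.TrimEnd('.').Split('.')) {
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($label)
        if ($bytes.Length -lt 1 -or $bytes.Length -gt 63) { throw "Invalid label: '$label'" }
        $msg.Add([byte]$bytes.Length)
        $msg.AddRange($bytes)
    }
    $msg.Add(0)

    # QTYPE and QCLASS (IN = 1), both big-endian.
    $msg.AddRange([byte[]](($QType -shr 8), ($QType -band 0xFF), 0, 1))

    # base64url without padding, as required for the ?dns= parameter.
    $b64 = [Convert]::ToBase64String($msg.ToArray()).TrimEnd('=').Replace('+','-').Replace('/','_')

    [pscustomobject]@{
        Uri     = "${Template}?dns=$b64"
        Accept  = 'application/dns-message'   # media type of the DoH request and response
        WireHex = ($msg.ToArray() | ForEach-Object { $_.ToString('x2') }) -join ' '
    }
}

New-DohGetUri -Name 'example.com' | Format-List
```

With traditional DNS the bytes shown in `WireHex` travel in cleartext over port 53; with DoH they sit inside a TLS session to the resolver, so an on-path observer sees only an HTTPS connection.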
What is the purpose of DNS over HTTPS
The primary goal of the DoH protocol is to enhance user privacy and prevent cyber threats. Here are some key use cases where DNS over HTTPS is particularly useful:
- Protection against man-in-the-middle attacks
Without DoH, hackers can intercept DNS resolution requests and redirect users to malicious sites (DNS spoofing).
- Increased browsing anonymity
ISPs and other entities can no longer monitor DNS requests, enhancing user privacy.
- Bypassing censorship
Some governments block access to certain websites by manipulating DNS. DoH makes it harder to enforce such restrictions.
- Improved security on public networks
In airports, cafés, and other public Wi-Fi hotspots, DoH prevents malicious actors from intercepting DNS traffic.
Security and privacy benefits of DNS over HTTPS
Enabling DNS over HTTPS offers several advantages for data protection and secure browsing:
- Encrypted DNS queries
Prevents ISPs and hackers from monitoring browsing activities.
- Reduced online tracking
ISPs can no longer collect user data based on DNS requests.
- Protection against DNS hijacking
Prevents attackers from manipulating DNS records to redirect users to fake websites.
- Enhanced corporate security
Helps businesses secure employee connections when working remotely.

Drawbacks of using DNS over HTTPS
Despite its advantages, adopting DNS over HTTPS also presents some challenges:
- Reduced visibility for enterprises
Many organizations monitor DNS traffic to detect threats and cyberattacks. DoH makes this monitoring less effective.
- Difficulty in blocking malicious sites
Network administrators can no longer filter DNS traffic to prevent access to harmful websites.
- Greater reliance on external DNS providers
Services like Cloudflare DNS, Google, or Quad9 become crucial for DNS resolution, increasing the risk of centralization.
- Limited compatibility
Not all devices and operating systems support DoH, potentially causing interoperability issues.
How to set up and use DNS over HTTPS in Windows 11
Microsoft introduced native support for DNS over HTTPS in Windows 11, allowing users to enable it without modifying browser settings.
Here’s how to configure it:
- Open Settings and select Network & Internet;
- Click on your active connection (Wi-Fi or Ethernet);
- Scroll down and click Modify next to DNS Server Assignment;
- Choose Manual and enable Internet Protocol Version 4 (TCP/IPv4);
- Enter the IP addresses for your preferred DNS server and alternative DNS server (e.g., 1.1.1.1 and 1.0.0.1 for Cloudflare);
- Select Encrypted only (DNS over HTTPS) for both;
- (Optional) Repeat step 5 for Internet Protocol Version 6 (IPv6) if you want to enable it for IPv6 connections;
- Save the changes.
After completing the setup, all DNS resolution requests will be encrypted using the DoH protocol, significantly enhancing connection security.
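The same configuration can be scripted and then verified from an elevated PowerShell session. This is an added example, not from the original article; the adapter name `Wi-Fi` and the Cloudflare DoH template URL are assumptions to adjust for your system.

```powershell
# Added example: scripted form of the Settings steps. Run elevated on Windows 11.
$ifAlias  = 'Wi-Fi'                                  # assumption: adapter name (see Get-NetAdapter)
$servers  = '1.1.1.1', '1.0.0.1'                     # Cloudflare resolvers from the steps above
$template = 'https://cloudflare-dns.com/dns-query'   # assumption: Cloudflare's DoH endpoint

# Map each resolver IP to its DoH template. AutoUpgradeServer tells Windows to use
# DoH whenever this IP is configured as a DNS server; AllowFallbackToUdp = $false
# refuses a plaintext fallback, which is the intent of "Encrypted only".
foreach ($ip in $servers) {
    if (Get-DnsClientDohServerAddress -ServerAddress $ip -ErrorAction SilentlyContinue) {
        Set-DnsClientDohServerAddress -ServerAddress $ip `
            -AllowFallbackToUdp $false -AutoUpgradeServer $true
    } else {
        Add-DnsClientDohServerAddress -ServerAddress $ip -DohTemplate $template `
            -AllowFallbackToUdp $false -AutoUpgradeServer $true
    }
}

# Manual DNS assignment for the adapter (IPv4).
Set-DnsClientServerAddress -InterfaceAlias $ifAlias -ServerAddresses $servers

# Verify the configuration: adapter resolvers and their DoH mappings.
Get-DnsClientServerAddress -InterfaceAlias $ifAlias -AddressFamily IPv4
Get-DnsClientDohServerAddress -ServerAddress $servers

# Verify the behaviour: force a fresh lookup, then look for the HTTPS session
# to the resolver. A DoH lookup should appear as a TCP 443 connection.
Clear-DnsClientCache
Resolve-DnsName example.com -Type A | Out-Null
Get-NetTCPConnection -RemoteAddress $servers -RemotePort 443 -ErrorAction SilentlyContinue |
    Select-Object RemoteAddress, RemotePort, State, OwningProcess
```

If the last command returns nothing after a successful lookup, the resolver is probably still being queried over plaintext port 53 and the DoH mapping should be rechecked.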
Conclusion
DNS over HTTPS is a major advancement in improving security and privacy in web browsing. While it has some drawbacks, its benefits in preventing cyberattacks and bypassing censorship make it a recommended choice for anyone looking to browse more securely.
Configuring DNS over HTTPS in Windows 11 is a straightforward process that provides immediate security enhancements.
Questions and answers
- What is DNS over HTTPS?
It is a protocol that encrypts DNS requests using HTTPS, preventing third parties from monitoring browsing activities.
- How is DNS over HTTPS different from traditional DNS?
Traditional DNS sends queries in plaintext, while DNS over HTTPS protects them with encryption.
- What are the main advantages of DNS over HTTPS?
It enhances privacy, prevents interception, and protects against cyber threats like DNS spoofing.
- What are the drawbacks of using DNS over HTTPS?
It can make it harder for organizations to block harmful sites and monitor network security.
- Does Windows 11 support DNS over HTTPS?
Yes, Windows 11 includes native support for the DoH protocol.
- How do I enable DNS over HTTPS in Windows 11?
You can configure it in the network settings by selecting manual DNS and enabling DoH encryption.
- Which DNS providers support DoH?
Google, Cloudflare, Quad9, and OpenDNS offer DoH-compatible DNS servers.
- Does DoH work with all browsers?
Yes, Chrome, Firefox, and Edge support DNS over HTTPS.
- Can I use DoH on Windows Server 2022?
Yes, following the same setup process as in Windows 11.
- Does DoH affect internet speed?
It may slightly increase latency, but the impact is usually minimal.