What Is DNS-over-HTTPS (DoH)?

Every time you visit a website, your device sends a DNS query, essentially asking "what IP address does this domain name map to?" Traditionally, these queries are sent in plain text, meaning your Internet Service Provider (ISP), network admins, or anyone monitoring your traffic can see every domain you look up.

DNS-over-HTTPS (DoH) solves this by encrypting DNS queries inside standard HTTPS traffic — the same protocol that secures your banking and shopping. This makes your DNS lookups indistinguishable from normal web browsing, protecting your privacy at the network level.

Why DoH Matters

  • Prevents ISP snooping: Your ISP can no longer log every domain you visit.
  • Stops DNS hijacking: Attackers can't intercept and redirect your queries to malicious sites.
  • Circumvents censorship: Encrypted DNS bypasses simple DNS-based content filtering.
  • Reduces tracking: Harder for third parties to build browsing profiles based on DNS data.

Step-by-Step: Enabling DoH on Different Platforms

In Google Chrome

  1. Open Chrome and go to chrome://settings/security.
  2. Scroll to "Use secure DNS" and toggle it on.
  3. Choose a provider from the dropdown (e.g., Cloudflare, Google, NextDNS) or enter a custom DoH URL.

In Mozilla Firefox

  1. Go to about:preferences#general and scroll to Network Settings.
  2. Click Settings… and check "Enable DNS over HTTPS".
  3. Select a provider or enter your own resolver URL.

On Windows 11

  1. Open Settings → Network & Internet → Wi-Fi (or Ethernet).
  2. Click your active connection, then click Edit next to DNS server assignment.
  3. Switch to Manual, enable IPv4, and enter your preferred DNS IP (e.g., 1.1.1.1 for Cloudflare).
  4. Set the DNS over HTTPS dropdown to On (automatic template).

On Android 9+

  1. Go to Settings → Network & Internet → Advanced → Private DNS.
  2. Select "Private DNS provider hostname".
  3. Enter a DoT/DoH hostname such as dns.nextdns.io/your-id or cloudflare-dns.com.

Popular DoH Providers

Provider      DoH URL                                 Logging Policy
Cloudflare    https://cloudflare-dns.com/dns-query    No persistent logs
Google        https://dns.google/dns-query            Temporary logs
NextDNS       https://dns.nextdns.io/[your-id]        Configurable
Quad9         https://dns.quad9.net/dns-query         No personal data
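
As an added example (not part of the original article or any provider's code), the Python below shows what "DNS inside HTTPS" looks like on the wire: it encodes a DNS question in RFC 1035 wire format and wraps it in an RFC 8484 GET URL for the Cloudflare endpoint from the table. The function names are hypothetical, and the script only builds the request; it makes no network call.

```python
import base64
import struct

def build_query(name, qtype=1):
    """Encode a DNS question in wire format (RFC 1035); qtype 1 = A record."""
    # Header: ID=0 (RFC 8484 recommends 0 so HTTP caches can reuse answers),
    # flags=0x0100 (recursion desired), 1 question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw  # length-prefixed label
    qname += b"\x00"                      # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def doh_get_url(resolver_url, name, qtype=1):
    """Build the RFC 8484 GET URL: base64url of the query, padding stripped."""
    b64 = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return f"{resolver_url}?dns={b64.decode('ascii')}"

def parse_question(wire):
    """Decode name and type from a query, as the DoH resolver does.

    TLS hides these bytes from the network path, but the resolver still
    reads the full name, which is why its logging policy matters.
    Queries carry no compression pointers, so none are handled here.
    """
    pos, labels = 12, []                  # question starts after the header
    while wire[pos] != 0:
        length = wire[pos]
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    (qtype,) = struct.unpack("!H", wire[pos + 1:pos + 3])
    return ".".join(labels), qtype

if __name__ == "__main__":
    # Constructed sample input: the resolver URL is the Cloudflare row above.
    url = doh_get_url("https://cloudflare-dns.com/dns-query", "www.example.com")
    print(url)
    print(parse_question(build_query("www.example.com")))
```

The URL printed for www.example.com carries the same `dns=` value as the GET example in RFC 8484, which is a quick way to confirm the encoding.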

DoH vs. DoT: Which Should You Use?

DNS-over-TLS (DoT) also encrypts DNS queries but uses a dedicated port (853), making it easier for network admins to identify and potentially block. DoH blends in with regular HTTPS traffic on port 443, offering stronger privacy in restrictive environments. For most users, DoH is the more practical choice.

Final Tips

  • Enabling DoH at the browser level protects only the DNS lookups made by that browser. System-wide configuration is more thorough.
  • Pair DoH with a VPN for maximum privacy.
  • If you run Pi-hole or AdGuard Home, configure them to use an upstream DoH resolver for network-wide encrypted DNS.