How to Enable DNS-over-HTTPS on Windows 11

What Causes This?

By default, Windows 11 may still use standard DNS, which sends your DNS lookups unencrypted unless you manually switch to a DNS-over-HTTPS (DoH) provider. This usually happens because your current DNS server does not support DoH, your network adapter is still set to automatic DNS from your router or ISP, or the encrypted DNS option has not been enabled in Windows settings. In some cases, older router settings, VPN apps, or security software can also override your DNS configuration.

Common Symptoms

• Your ISP or network provider can still see the websites you look up
• Windows shows standard DNS settings with no encryption enabled
• DNS-over-HTTPS options are missing or grayed out
• Websites load normally, but your connection is less private than expected
• Custom DNS settings keep changing back after a restart

How to Fix It Manually

1. Open Windows Settings

   • Press Windows + I to open Settings.
   • Click Network & internet.

2. Open your active network connection

   • If you use Wi-Fi, click Wi-Fi, then select your connected network.
   • If you use Ethernet, click Ethernet.
   • Find the DNS server assignment section and click Edit.

3. Change DNS from Automatic to Manual

   • In the Edit DNS settings window, change Automatic (DHCP) to Manual.
   • Turn on IPv4.
   • Enter a DNS provider that supports DNS-over-HTTPS. For example:
     • Cloudflare: Preferred DNS 1.1.1.1, Alternate DNS 1.0.0.1
     • Google: Preferred DNS 8.8.8.8, Alternate DNS 8.8.4.4
   • For each DNS entry, set DNS over HTTPS to On (automatic template) if available.

4. Save the settings

   • Click Save.
   • Windows should now use encrypted DNS for that network adapter.

5. If the DoH option does not appear, add the provider manually

   • Press Windows, type PowerShell, then right-click Windows PowerShell and choose Run as administrator.
   • To add Cloudflare, run:

     netsh dns add encryption server=1.1.1.1 dohtemplate=https://cloudflare-dns.com/dns-query autoupgrade=yes udpfallback=no
     netsh dns add encryption server=1.0.0.1 dohtemplate=https://cloudflare-dns.com/dns-query autoupgrade=yes udpfallback=no

   • Then go back to Settings > Network & internet > your connection > DNS server assignment > Edit and set the DNS addresses again.

6. Flush old DNS entries

   • Open Command Prompt as administrator.
   • Run:

     ipconfig /flushdns

   • This clears cached DNS results so Windows starts using the new encrypted resolver immediately.

7. Check for software conflicts if settings keep reverting

   • Disable any VPN, antivirus web shield, or third-party network utility temporarily.
   • Restart your PC and check whether your DNS settings remain saved.
   • If your router forces ISP DNS, you may need to adjust router settings or keep manual DNS set on the PC.

8. Verify that encrypted DNS is active

   • Return to Settings > Network & internet > your connection.
   • Confirm your DNS servers are listed and the encryption setting shows On.
   • You can also test by visiting a DNS leak or secure DNS test site in your browser.

Fix It Automatically with Kudu

Kudu can scan your Windows 11 network configuration, detect weak or inconsistent DNS settings, and apply safer optimized settings automatically. It is especially useful if DNS options are missing, reverting, or being overridden by other software, saving you from digging through PowerShell and network menus.

Download Kudu Free →