To make your Internet connections more confidential, and in particular to prevent your ISP from knowing or blocking the websites you visit, activate the DNS over HTTPS mode: a very simple operation in Windows.


When you surf the web, you type the address of the site you want to visit into your browser's address bar. This address, written in full (https://www.google.com, for example), actually corresponds to a server IP address presented as a series of four numbers separated by dots, for example 216.58.215.46 for Google. That is less easy to remember. This is why DNS (Domain Name System) servers exist: they match domain names to IP addresses.

However, while the connection to websites is now encrypted with the HTTPS protocol (Hypertext Transfer Protocol Secure), this is not the case for the unavoidable DNS requests. So your Internet Service Provider (ISP), which provides its own DNS servers by default, knows exactly which sites you are visiting. For more confidentiality, you can not only use other DNS servers (see our fact sheet to find out more), but also encrypt the connection when you access them. This is the principle of DNS over HTTPS (DoH): the HTTPS protocol is also applied to DNS resolution. Your ISP will therefore no longer be able to monitor the sites you visit through your DNS requests. In addition, this method also allows you to access websites that your ISP may block. The only drawback of this solution: it can slightly slow down your connection. Here's how to enable it in Windows 10 and 11. Note that with Windows 10, an operation in the Registry Editor is required to enable this tweak.

In Windows 11, there is no need to dive into the Windows registry to make this change. The system's network settings offer a dedicated menu.

► Press the keys Win + I to open Windows Settings. In the window that appears, click Network and Internet in the left column.

► Then click the menu corresponding to the connection you are using (Wi-Fi or Ethernet, in our case). Scroll down the contents of the window. In the DNS server assignment section, click the Edit button.


► A small window appears. Click on the drop-down menu it presents and choose Manual.


► Now turn on the IPv4 switch. In the Preferred DNS field, enter a DNS server (different from the one offered by your ISP, of course). There are many free DNS servers, as we present here. Enter the IP address corresponding to the one you have chosen. In our example, it is that of Cloudflare. Repeat the operation by entering the second address in the Alternate DNS field.


► As you may have noticed, a DNS encryption drop-down menu has appeared under each of the two fields. Click it and choose Encrypted only (DNS over HTTPS). Apply this setting to both Preferred DNS and Alternate DNS. When everything is ready, confirm with Save.


► The connection to DNS servers is now encrypted as indicated by Windows.


The previous version of Microsoft's operating system, Windows 10, is less accommodating when it comes to enabling DoH mode. A small modification of the registry is required first.

► Press the Win + R keys on the keyboard. In the window that appears, type Regedit and confirm to open the Registry Editor. Now expand the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

► Right-click in the central part of the window. From the menu that appears, choose New > DWORD (32-bit) Value.


► Name this new value EnableAutoDoh. Then double-click its name. In the Value data field, enter 2 and confirm. Then close the Registry Editor.


► Now all that remains is to change the addresses of the DNS servers as we explain in our practical sheet. Here are some DoH-compliant DNS servers.

Cloudflare

Primary DNS: 1.1.1.1

Secondary DNS: 1.0.0.1

Google Public DNS

Primary DNS: 8.8.8.8

Secondary DNS: 8.8.4.4

Quad9

Primary DNS: 9.9.9.9

Secondary DNS: 149.112.112.112
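
The Windows 10 steps above, scripted in PowerShell as an added example (not part of the original article): it sets EnableAutoDoh, points the connected adapters at one of the resolvers listed here, and reads both settings back. The function names Enable-AutoDoh and Test-AutoDoh and the $DohServers table are assumptions made for this example; run it from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the Windows 10 steps above and reads the result back.
# $DohServers holds the resolver addresses listed on this page; the function
# names are hypothetical, chosen for this example.

$ParamKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$DohServers = @{
    Cloudflare = '1.1.1.1', '1.0.0.1'
    Google     = '8.8.8.8', '8.8.4.4'
    Quad9      = '9.9.9.9', '149.112.112.112'
}

function Enable-AutoDoh {
    param([Parameter(Mandatory)][ValidateSet('Cloudflare', 'Google', 'Quad9')]
          [string]$Provider)

    # Same change as the Registry Editor steps: DWORD EnableAutoDoh = 2.
    New-ItemProperty -Path $ParamKey -Name 'EnableAutoDoh' -Value 2 `
        -PropertyType DWord -Force | Out-Null

    # Point every connected physical adapter at the chosen resolver pair.
    Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | ForEach-Object {
        Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
            -ServerAddresses $DohServers[$Provider]
    }
}

function Test-AutoDoh {
    # Read the registry value back; empty means the value was never created.
    $value = (Get-ItemProperty -Path $ParamKey -Name 'EnableAutoDoh' `
                -ErrorAction SilentlyContinue).EnableAutoDoh
    $known = $DohServers.Values | ForEach-Object { $_ }

    Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | ForEach-Object {
        $servers = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
                        -AddressFamily IPv4).ServerAddresses
        [pscustomobject]@{
            Adapter       = $_.Name
            EnableAutoDoh = $value
            DnsServers    = $servers -join ', '
            # False if any server is outside the list (ISP or router resolver).
            AllOnDohList  = [bool]$servers -and
                            -not ($servers | Where-Object { $_ -notin $known })
        }
    }
}

Enable-AutoDoh -Provider Cloudflare
Test-AutoDoh | Format-Table -AutoSize
```

An adapter row with AllOnDohList set to False still has a resolver outside the list above configured, typically the one handed out by the ISP or the router.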
