
How to Use DNS Over HTTPS (DoH) to Improve Privacy and Security

James Chen

Why DNS Privacy Matters

Every time you visit a website, your device performs a DNS (Domain Name System) lookup to translate the human-readable domain name (like example.com) into an IP address. Traditionally, these queries are sent in plain text over UDP or TCP, meaning anyone on your network — your ISP, a Wi-Fi hotspot operator, or even a malicious actor — can see exactly which sites you're visiting.

That lack of encryption exposes your browsing history, location, and habits. Worse, unencrypted DNS is vulnerable to DNS spoofing or man-in-the-middle attacks, where an attacker redirects you to a fake website without your knowledge.

What Is DNS Over HTTPS (DoH)?

DNS Over HTTPS (DoH) solves this by sending DNS queries through the same HTTPS protocol that secures your online banking and email. Instead of a separate, unencrypted connection, DoH wraps each DNS request inside an encrypted HTTPS session to a DoH-compatible resolver. This means:

  • Your ISP or network admin cannot read the DNS queries you send.
  • Attackers on the path between you and the resolver cannot modify the response to send you to a malicious site.
  • Your DNS traffic looks like regular web traffic, making it harder to block or censor.

DoH is not the same as DNS over TLS (DoT), which also encrypts queries but uses a dedicated port (853). Both improve privacy, but DoH is easier to deploy in environments where only HTTPS traffic is allowed.

How to Enable DNS Over HTTPS

You can enable DoH at the browser level, the operating system level, or on your entire network. Below are the most common methods.

1. Enable DoH in Your Web Browser

Most modern browsers now support DoH. Here’s how to turn it on:

  • Mozilla Firefox: Go to Settings → Privacy & Security → scroll to DNS over HTTPS → select Increased Protection and choose a provider (Cloudflare or NextDNS).
  • Google Chrome: Go to Settings → Privacy and security → Security → scroll to Use secure DNS → toggle it on and choose a provider.
  • Microsoft Edge: Similar path: Settings → Privacy, search, and services → scroll to Security → enable Use secure DNS.

Once enabled, your browser will send all DNS queries via HTTPS instead of plain text.

2. Enable DoH at the Operating System Level

For system-wide protection (covering all apps, not just the browser), configure DoH in your OS:

  • Windows 11: Go to Settings → Network & internet → select your network (Wi-Fi or Ethernet) → DNS server assignment → Edit → set DNS to Manual and enter a DoH-compatible address (e.g., 1.1.1.1 for Cloudflare). Then toggle DNS over HTTPS (Automatic) on.
  • macOS: macOS doesn’t have a built-in DoH toggle for all networks, but you can install a profile from your DNS provider (e.g., Cloudflare’s 1.1.1.1 profile) or use a third-party tool like Quad9’s configuration script.
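  • Android 9+: Go to Settings → Network & internet → Private DNS → select Private DNS provider hostname and enter cloudflare-dns.com or dns.quad9.net. Android 9 introduced Private DNS as a DNS over TLS (DoT) feature, so on many devices this setting uses DoT rather than DoH; queries are encrypted either way.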
  • iOS/iPadOS: Use the built-in configuration profile or download the 1.1.1.1: Faster & Safer Internet app from Cloudflare.

3. Enable DoH on Your Router

If your router supports DoH (look for a “DNS over HTTPS” or “Secure DNS” option in the admin panel), you can protect every device on your network — including smart TVs, IoT gadgets, and game consoles. This is the most comprehensive approach.

Real-World Example: Setting Up Cloudflare’s DoH

Let’s walk through a typical scenario. Suppose you’re a domain investor who frequently checks newly listed domains. Without DoH, your ISP could log every domain you look up — including your potential investments. With DoH, those queries remain private.

Step 1: Choose a trusted DoH provider. Cloudflare’s 1.1.1.1 is fast and privacy-focused. Quad9 (9.9.9.9) blocks known malicious domains. Google’s 8.8.8.8 also supports DoH.

Step 2: Enable DoH in your browser (as described above) or system-wide.

Step 3: Verify that DoH is working. You can use the DNS Analyzer on Whose.Domains to run a DNS lookup on your own domain — the tool will show the resolver’s response. If the query came via DoH, your privacy is intact. You can also check https://1.1.1.1/help (Cloudflare’s test page) to confirm DoH is active.

Actionable Tips for Domain Owners and Investors

  • Always enable DoH when conducting domain research or valuations to keep your browsing behavior private.
  • Use a DNS that blocks malware (like Quad9) to protect your system when visiting unknown domains.
  • Check your domain’s DNS health regularly with a tool like the DNS Analyzer to spot misconfigurations or unauthorized changes.
  • Combine DoH with a VPN for even stronger privacy — the VPN hides your IP, and DoH hides your DNS queries.
  • Educate your clients if you manage websites for others; encourage them to use DoH for all online activities.

Potential Downsides and Considerations

DoH isn’t perfect. Some organizations rely on local DNS filtering for parental controls or security (e.g., blocking phishing sites). DoH bypasses those filters, so you may need to configure a custom DoH provider that respects your policies. Additionally, DoH can add a slight latency overhead because of the encryption handshake — though modern CDN-backed resolvers like Cloudflare and Quad9 keep it negligible.

Also, DoH only protects the DNS lookup itself. It does not encrypt the content of the website you visit — for that you still need HTTPS. And if an attacker controls your network, they could still interfere with non-DNS traffic.

Conclusion

DNS Over HTTPS is a simple, powerful way to reclaim your privacy every time you type a URL. By encrypting your DNS queries, you prevent prying eyes from tracking your digital footprint and reduce the risk of DNS-based attacks. Whether you enable it in your browser, on your device, or across your entire network, the steps are straightforward and the benefits immediate.

Start today by choosing a trusted DoH provider, turning it on, and verifying the change using our DNS Analyzer. Your browsing history will thank you.

Tags: DNS over HTTPS DoH DNS privacy encrypted DNS DNS security network security
