
Using the Windows GUI with DoH

Windows 11 supports DNS over HTTPS (DoH) to improve the privacy and security of name resolution. Traditionally, when you visit a website, your computer sends a request to a DNS server to find its IP address, and that request travels without encryption, potentially exposing your browsing habits to anyone on the path. With DoH, your DNS requests are encrypted, protecting them from interception or tampering. To enable DoH on your Windows 11 PC, follow the steps below in the Settings app: choose encrypted DNS servers and toggle DoH on for both IPv4 and IPv6 so that your DNS queries remain private.

When traffic is sent over DoH, reports in the Infoblox Portal should show the source as "Unknown."

Encrypted DNS Is More Private and Secure

When you access a website using a domain name, your computer sends a request to a Domain Name System (DNS) server. The DNS server then retrieves the matching IP address from a list and sends it back to your computer for connection to the site.

Traditionally this lookup traveled over the network unencrypted, so it could be observed or altered at any point along the way. With DNS over HTTPS (DoH), communication between your computer and a DoH-enabled DNS server is encrypted, so the names you look up and the answers the server returns cannot be read or tampered with in transit.

To enable DoH, you need to choose two sets of DNS servers, a primary and a secondary for both IPv4 and IPv6, to use with your Windows computer. The server IP addresses for DoH are 52.119.41.200 and 103.80.6.200.

Creating a DoH Profile

To create a DoH Profile and obtain your FQDN go to the General page of the Create New Security Policy wizard in the Infoblox Portal (Infoblox Services Portal > Configuration > Security). Copy the auto-generated FQDN, or click regenerate to generate a new FQDN. Note that DoH per Policy must be enabled in order to obtain the FQDN.

Image: Enabling DoH in the Infoblox Portal. DoH per Policy must be toggled to the Enabled position in order to obtain your FQDN.

NOTE: The DoH template you configure has the format https://FQDN/dns-query, where FQDN is the value shown on the General page of the Create New Security Policy wizard in the Infoblox Portal (Infoblox Services Portal > Configuration > Security). Copy the auto-generated FQDN, or click regenerate to generate a new one. DoH per Policy must be enabled in order to obtain the FQDN.

Enabling DoH in Windows 11 using the Windows GUI

To configure DNS over HTTPS, access the Settings app by pressing Windows+i on your keyboard. Alternatively, you can right-click the Start button and choose Settings from the context menu.

Once in Settings, select Network & Internet in the sidebar. Within the Network & Internet settings, select your primary internet connection from the list, for example "Wi-Fi" or "Ethernet." Do not click Properties near the top of the window; that page does not expose the encrypted DNS settings.

On the network connection's properties page, select Hardware Properties.

On the Wi-Fi or Ethernet hardware properties page, find the "DNS Server Assignment" option and click the Edit button next to it. In the pop-up window, choose Manual from the drop-down menu for DNS settings. Next, switch on IPv4 by toggling it to the On position.

When configuring, use the Infoblox Threat Defense IP addresses and the FQDN generated for your policy. The FQDN is shown on the General page of the Create New Security Policy wizard in the Infoblox Portal (Infoblox Services Portal > Configuration > Security); copy the auto-generated FQDN, or click regenerate to generate a new one. DoH per Policy must be enabled in order to obtain the FQDN.

In the IPv4 section, enter the primary DNS server address you chose in the Preferred DNS box (for example, "52.119.41.200"). Similarly, enter the secondary DNS server address in the Alternate DNS box (for example, "103.80.6.200").

In the same window, set DNS over HTTPS to the On position.

Now, repeat this same process with IPv6.

Flip the IPv6 switch to the On position, and then copy a primary IPv6 address and paste it into the Preferred DNS box. Next, copy the matching secondary IPv6 address and paste it into the Alternate DNS box. Make sure DNS over HTTPS is enabled, then click Save.

On the Wi-Fi or Ethernet hardware properties page, you'll see your DNS servers listed with an "(Encrypted)" beside each one of them.

Close the Settings app. Your DNS requests will be private and secure.
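The same configuration can be applied and, more importantly, verified from an elevated PowerShell prompt, which is useful when rolling this out to more than one machine or when checking that the GUI steps above actually took effect. The script below is an added example, not part of the original page or an Infoblox-supplied tool. It uses the two IPv4 addresses given on this page; the DoH template FQDN is a placeholder that must be replaced with the value generated in the Create New Security Policy wizard, and the interface alias "Ethernet" is an assumption (use "Wi-Fi" or the alias reported by Get-NetAdapter as appropriate).

```powershell
# Added example (not from the Infoblox page): register the Infoblox Threat Defense
# resolvers as DoH servers in the Windows 11 DNS client and verify the result.
# Run in an elevated PowerShell session.

$Template  = 'https://<YOUR-POLICY-FQDN>/dns-query'   # placeholder: copy the FQDN from the portal
$Servers   = @('52.119.41.200', '103.80.6.200')       # IPv4 addresses listed on this page
$Interface = 'Ethernet'                               # assumption: adjust to your adapter alias

foreach ($ip in $Servers) {
    # Teach the DNS client that this resolver speaks DoH at the given template.
    # -AllowFallbackToUdp $false keeps queries encrypted instead of silently reverting
    # to plain UDP if the HTTPS path fails; -AutoUpgrade $true upgrades queries sent
    # to this address to DoH automatically.
    $existing = Get-DnsClientDohServerAddress -ServerAddress $ip -ErrorAction SilentlyContinue
    if ($existing) {
        Set-DnsClientDohServerAddress -ServerAddress $ip -DnsOverHttpsTemplate $Template `
            -AllowFallbackToUdp $false -AutoUpgrade $true
    } else {
        Add-DnsClientDohServerAddress -ServerAddress $ip -DnsOverHttpsTemplate $Template `
            -AllowFallbackToUdp $false -AutoUpgrade $true
    }
}

# Point the adapter at those resolvers (the equivalent of Manual + Preferred/Alternate DNS).
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $Servers

# Verify: both addresses should appear with the template set and UDP fallback disabled.
Get-DnsClientDohServerAddress |
    Where-Object { $_.ServerAddress -in $Servers } |
    Format-Table ServerAddress, DohTemplate, AllowFallbackToUdp, AutoUpgrade -AutoSize

# Confirm the adapter now uses the configured servers.
Get-DnsClientServerAddress -InterfaceAlias $Interface -AddressFamily IPv4

# A resolution through the system resolver should still succeed.
Resolve-DnsName -Name 'www.example.com'
```

The verification steps are the part worth keeping even if you configure DoH through the GUI: an address that shows up in Get-DnsClientDohServerAddress without a template, or with AllowFallbackToUdp set to True, will quietly fall back to unencrypted DNS. The equivalent command-line check is netsh dns show encryption, and a successful DoH configuration is also visible in the Settings page described above, where each server is listed with "(Encrypted)" beside it.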
