How to Configure DNS-over-HTTPS for Private Browsing
Estimated time: 15 minutes
Understand Why DNS Privacy Matters
Every time you visit a website, your device sends a DNS query to translate a domain name such as example.com into an IP address. By default, these DNS queries are sent in plain text over your network, meaning your internet service provider, network administrator, and anyone monitoring the network can see every website you visit. Even if the website itself uses HTTPS encryption, the DNS query happens before the encrypted connection is established, creating a privacy gap. DNS-over-HTTPS (DoH) solves this by encrypting DNS queries within regular HTTPS traffic, making them indistinguishable from normal web browsing. This prevents your ISP from logging the websites you visit, prevents network-level censorship based on DNS filtering, and protects against DNS spoofing attacks where an attacker redirects you to malicious websites. DNS-over-HTTPS is supported by all major browsers and operating systems, making it accessible to everyone regardless of technical expertise.
Choose a Privacy-Respecting DNS Provider
Not all DNS providers are equally privacy-respecting. Avoid using your ISP's default DNS servers, as they typically log all your queries and may sell this data to advertisers or share it with government agencies. Recommended privacy-respecting DNS providers include Quad9 at dns.quad9.net, which blocks malicious domains and does not log user queries. Cloudflare at 1.1.1.1 or one.one.one.one promises to never sell user data and deletes logs within 24 hours. Mullvad DNS at dns.mullvad.net offers ad-blocking DNS with no logging. AdGuard DNS at dns.adguard-dns.com blocks ads and trackers at the DNS level. NextDNS at dns.nextdns.io offers customizable filtering with privacy-focused logging options. Each provider has different strengths. Quad9 focuses on security by blocking known malicious domains. AdGuard DNS adds ad and tracker blocking. NextDNS offers the most customization. Consider what is most important to you: pure privacy, ad blocking, malware protection, or customizable filtering.
Enable DNS-over-HTTPS in Firefox
Firefox has the most mature DNS-over-HTTPS implementation among browsers. Open Firefox, go to Settings, then Privacy & Security. Scroll down to the DNS over HTTPS section. Select Max Protection mode, which ensures all DNS queries use encrypted DoH and never fall back to unencrypted DNS. Choose your preferred DNS provider from the dropdown menu or enter a custom provider URL. If you chose Quad9, enter https://dns.quad9.net/dns-query. For AdGuard, enter https://dns.adguard-dns.com/dns-query. For NextDNS, enter https://dns.nextdns.io/your-config-id (replace with your actual NextDNS configuration ID). After configuration, Firefox will route all DNS queries through the encrypted HTTPS channel to your chosen provider. To verify it is working, visit the provider's test page or use a DNS leak test website. The test should show your chosen DNS provider rather than your ISP's DNS servers. If you experience issues with certain websites, you can add exceptions or temporarily switch to a less strict mode.
Enable DNS-over-HTTPS on Windows
Windows 11 supports system-wide DNS-over-HTTPS. Open Settings, then Network & Internet, then your active network connection (Wi-Fi or Ethernet). Click on Hardware Properties or DNS Server Assignment. Click Edit next to DNS server assignment. Switch from Automatic to Manual. Enable IPv4 and enter the DNS provider IP address. For Cloudflare, use 1.1.1.1 as primary and 1.0.0.1 as secondary. For Quad9, use 9.9.9.9 as primary and 149.112.112.112 as secondary. For AdGuard, use 94.140.14.14 as primary and 94.140.15.15 as secondary. Under each DNS address, set the DNS over HTTPS dropdown to On (automatic template) or On (manual template) and enter the DoH template URL. Click Save to apply the settings. This configuration encrypts DNS queries for all applications on your computer, not just the browser. On Windows 10, system-wide DoH is available in newer builds through similar network settings. If your Windows version does not support native DoH, use the browser-level configuration or install a DoH client application.
Enable DNS-over-HTTPS on macOS and Mobile Devices
On macOS, system-wide DNS-over-HTTPS requires installing a DNS configuration profile. Download a profile from your chosen DNS provider's website. For Cloudflare, visit one.one.one.one and download the macOS profile. For AdGuard, visit adguard-dns.io and download the macOS profile. Open the downloaded profile, which will appear in System Preferences under Profiles. Click Install to activate the encrypted DNS configuration. On iPhone, install a DNS profile from your provider or use the Settings, General, VPN & Device Management section to install downloaded profiles. On Android, go to Settings, Network & Internet, Private DNS, and enter your provider's hostname, such as dns.adguard-dns.com. Android Private DNS uses DNS-over-TLS, which is slightly different from DNS-over-HTTPS but provides equivalent encryption protection. After configuration on any device, verify by visiting a DNS leak test website. Ensure the results show your chosen DNS provider rather than your ISP. Some routers also support DNS-over-HTTPS configuration, which protects all devices on your home network automatically.
Test and Troubleshoot Your DNS-over-HTTPS Configuration
After enabling DNS-over-HTTPS, thorough testing ensures everything is working correctly. Visit dnsleaktest.com and run the extended test. All results should show servers belonging to your chosen DNS provider, not your ISP. If you see your ISP's DNS servers in the results, your configuration may not be applied correctly or your system may be falling back to unencrypted DNS. Visit browserleaks.com/dns for an additional independent test. If you configured DNS-over-HTTPS in your browser but still see ISP DNS in system-level tests, the browser configuration is working but system applications may still use unencrypted DNS. For complete protection, configure DoH at the system level. Common issues include corporate networks that block DoH traffic, in which case you may need to discuss this with your IT department or use a VPN that tunnels all traffic including DNS. Some networks use captive portals for login that require standard DNS to function. If you cannot connect to a new Wi-Fi network, temporarily disable DoH to complete the login process, then re-enable it.
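A local check for the fallback case described above, as an added example that is not part of the original guide: it reads text output in the format produced by tcpdump -n and reports any DNS question that left the machine in cleartext on port 53, alongside encrypted flows to the resolver addresses listed in the Windows section. The function name and the capture lines are constructed for illustration.

```python
import re
from collections import Counter

# Resolver addresses listed in this guide's Windows section.
DOH_RESOLVERS = {"1.1.1.1", "1.0.0.1", "9.9.9.9", "149.112.112.112",
                 "94.140.14.14", "94.140.15.15"}

# tcpdump -n line: "<time> IP <src>.<sport> > <dst>.<dport>: <detail>"
LINE = re.compile(r"^\S+ IP6? (\S+)\.(\d+) > (\S+)\.(\d+): (.*)$")
# Question as tcpdump prints it, e.g. "A? example.com."
QUESTION = re.compile(r"\b([A-Z0-9]+)\? (\S+)")

def audit_capture(lines):
    """Return (leaks, encrypted): cleartext queries seen, and encrypted flow counts."""
    leaks, encrypted = [], Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        _src, _sport, dst, dport, detail = m.groups()
        if dport == "53":
            q = QUESTION.search(detail)
            if q:  # the question is readable, so this query left unencrypted
                leaks.append((dst, q.group(1), q.group(2).rstrip(".")))
        elif dport in ("443", "853") and dst in DOH_RESOLVERS:
            # 443 = DoH, 853 = DNS-over-TLS (Android Private DNS)
            encrypted[(dst, int(dport))] += 1
    return leaks, encrypted

# Constructed sample capture: two cleartext queries and two DoH packets.
SAMPLE = """\
14:02:11.482913 IP 192.168.1.23.53122 > 192.168.1.1.53: 4242+ A? updates.example.net. (37)
14:02:11.501377 IP 192.168.1.1.53 > 192.168.1.23.53122: 4242 1/0/0 A 203.0.113.10 (53)
14:02:12.000100 IP 192.168.1.23.49822 > 9.9.9.9.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
14:02:12.031200 IP 192.168.1.23.49822 > 9.9.9.9.443: Flags [P.], seq 518:610, ack 3200, win 501, length 92
14:02:13.250000 IP 192.168.1.23.40110 > 192.168.1.1.53: 9001+ AAAA? www.example.com. (33)
""".splitlines()

if __name__ == "__main__":
    leaks, encrypted = audit_capture(SAMPLE)
    for dst, qtype, name in leaks:
        print(f"cleartext {qtype} query for {name} sent to {dst}")
    print(dict(encrypted))
```

An empty leak list while you browse means no application fell back to plain DNS during the capture; any entry names the domain that was exposed and the server it was sent to.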
What You Accomplished
By completing this guide, you have successfully worked through 6 steps covering "How to Configure DNS-over-HTTPS for Private Browsing". Here is a summary of what you achieved:
- ✓ Understand Why DNS Privacy Matters
- ✓ Choose a Privacy-Respecting DNS Provider
- ✓ Enable DNS-over-HTTPS in Firefox
- ✓ Enable DNS-over-HTTPS on Windows
- ✓ Enable DNS-over-HTTPS on macOS and Mobile Devices
- ✓ Test and Troubleshoot Your DNS-over-HTTPS Configuration
Frequently Asked Questions
What does the "How to Configure DNS-over-HTTPS for Private Browsing" guide cover?
This guide walks you through 6 steps to complete "How to Configure DNS-over-HTTPS for Private Browsing".
How long does it take to complete "How to Configure DNS-over-HTTPS for Private Browsing"?
This guide is rated intermediate difficulty and takes approximately 15 minutes to complete. It covers 6 steps in the network-privacy category.