DNS over HTTPS (DoH) is a great new security and privacy standard for encrypting DNS requests, and most browsers will probably enable it by default in the future. Currently, though, only Firefox really makes it easy to switch on. Other browsers, if they support it at all, are mostly still treating DoH as an experimental feature, so you’ll have to go through a few extra steps to make it work.
Why should I enable DNS over HTTPS?
When you visit a site, your computer first needs to find the address of that site’s server, so it sends a query to a DNS server asking for the IP address that corresponds to the name you typed in. Up until quite recently, that request could only be sent in plaintext (unencrypted data), which means third parties can theoretically read it and figure out where you’re trying to go, even if your connection to the server is encrypted with HTTPS.
DNS over HTTPS simply uses the HTTPS protocol to encrypt your DNS request so it can’t be read in transit, which is pretty much a no-brainer in terms of making browsing more secure and private. It’s not so popular with services that want to block web traffic using DNS filtering, but that’s a different debate.
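The difference between the two transports, as an added example that is not part of the original article: the same RFC 1035 query message is built once, `observed_name` shows what anyone reading a plaintext copy of it learns, and `doh_request` shows how RFC 8484 wraps those bytes in an HTTPS request. The function names are chosen here and `https://doh.example/dns-query` is a placeholder resolver URL; nothing is sent over the network.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1) -> bytes:
    """Build an RFC 1035 query message (qtype 1 = A record)."""
    # Header: ID 0 (RFC 8484 suggests 0 so HTTP caches can match requests),
    # flags 0x0100 = recursion desired, one question, no other records.
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("idna").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # class 1 = IN

def observed_name(message: bytes) -> str:
    """Recover the queried name, as anyone who sees the raw bytes can."""
    labels, pos = [], 12          # the question follows the 12-byte header
    while message[pos]:           # a zero-length label ends the name
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_request(server_url: str, name: str, method: str = "POST"):
    """Return (method, url, headers, body) for an RFC 8484 request.

    Nothing is sent here; an HTTPS client would carry this inside TLS,
    so the DNS message is no longer readable on the network path.
    """
    message = build_query(name)
    accept = {"Accept": "application/dns-message"}
    if method == "POST":
        headers = {"Content-Type": "application/dns-message", **accept}
        return "POST", server_url, headers, message
    # GET carries the same bytes as unpadded base64url in the dns parameter.
    dns = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return "GET", f"{server_url}?dns={dns}", accept, b""

# Placeholder resolver URL (assumption), not a real provider.
SERVER = "https://doh.example/dns-query"

if __name__ == "__main__":
    query = build_query("example.com")
    print("plaintext DNS payload reveals:", observed_name(query))
    print(doh_request(SERVER, "example.com", "GET")[1])
```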
Enable DNS over HTTPS in Firefox
The first browser to support DNS over HTTPS, Firefox is also the easiest one to configure:
1. Go to “Options” or type about:preferences into the address bar.
2. With the General tab selected, scroll down until you see “Network Settings.” Select “Settings …”
3. In the pop-up menu, scroll down again until you see “Enable DNS over HTTPS.”
4. Select either Cloudflare (Firefox’s default provider) or Custom, which lets you use another provider like Quad9 or Google Public DNS.
That’s it! Your DNS requests using Firefox should now be encrypted.
There’s no setting in Firefox mobile yet, but you can still enable it (at least on Android) with the following steps:
1. Type about:config in the address bar.
2. Search for “network.trr.mode,” and use the up arrow button to set it to 2.
You now have DNS over HTTPS in Firefox for Android!
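To check which mode a profile is actually in, this added example (not from the original article) parses the `user_pref` lines Firefox writes to a profile's prefs.js and reports the DoH state, including whether plaintext fallback is still possible. The `network.trr.uri` preference, the mode descriptions, the function names and the sample profile text are supplied here rather than taken from the article.

```python
import re

# Meanings of network.trr.mode; values 1 and 4 are reserved and unused.
TRR_MODES = {
    0: "off (default)",
    2: "DoH first, falls back to the system resolver on failure",
    3: "DoH only, no fallback",
    5: "off by explicit choice",
}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\s*\);')

def parse_prefs(text: str) -> dict:
    """Parse user_pref("name", value); lines as found in prefs.js or user.js."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if match is None:
            continue                      # comments and blank lines
        name, raw = match.groups()
        if raw.startswith('"'):
            prefs[name] = raw[1:-1]       # string preference
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"   # boolean preference
        else:
            prefs[name] = int(raw)        # integer preference
    return prefs

def doh_status(text: str) -> dict:
    """Summarise the DoH-related state of one profile's preferences."""
    prefs = parse_prefs(text)
    mode = prefs.get("network.trr.mode", 0)   # absent is treated as 0 here
    return {
        "mode": mode,
        "meaning": TRR_MODES.get(mode, "reserved or unknown"),
        "encrypted": mode in (2, 3),
        # Mode 2, the value used in the steps above, can still send
        # plaintext DNS when the DoH lookup fails; mode 3 cannot.
        "plaintext_fallback": mode == 2,
        "resolver": prefs.get("network.trr.uri"),
    }

# Constructed sample, not a real profile; doh.example is a placeholder.
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example/dns-query");
"""

if __name__ == "__main__":
    print(doh_status(SAMPLE_PREFS))
```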
Enable DNS over HTTPS in Chrome/Chromium-based browsers
Chrome has DNS over HTTPS, but it’s currently listed as a “flag,” which is an experimental feature that isn’t quite ready to be rolled out to the public. Playing around with these features could cause Chrome to become unstable, but the DoH flag shouldn’t have any adverse effects. As it is an experimental feature, though, it may not always work as expected, so you shouldn’t necessarily depend on a Chromium-based browser to always be using DoH until it’s fully supported in a stable build.
If you’re interested in the other flags, you can access them by entering chrome://flags into the address bar.
The same general steps apply both to Chrome and to every browser built using the Chromium codebase. The only thing you might need to change is the browser name at the beginning (see the list below), but I’ve found that the Chrome flag actually works on almost all Chromium browsers.
1. For Chrome, enter chrome://flags/#dns-over-https.
2. Find the option titled “Secure DNS lookups” and use the menu on the right to change its status to Enabled.
3. Relaunch Google Chrome to apply the setting.
This works on both the desktop and mobile versions of Chrome.
Enable DNS over HTTPS in Edge (Chromium)
Microsoft’s Edge browser in its EdgeHTML form does not support DNS over HTTPS, but the Chromium version does. As of November 2019, the Chromium version is available to download and use as a beta, and it should be rolling out to the general public on January 15th, 2020.
When that happens you’ll be able to turn on DoH using edge://flags/#dns-over-https.
Enable DNS over HTTPS in Brave (Chromium)
Brave is a great privacy/ad-blocking/crypto browser, and it’s pretty much the same as Chrome in terms of turning on DNS over HTTPS.
Just enter brave://flags/#dns-over-https into the address bar.
For mobile, only chrome://flags/#dns-over-https currently works.
Enable DNS over HTTPS in Opera (Chromium)
Opera moved to Chromium source code in 2013, so it follows the same formula as any other Chromium browser.
Just enter opera://flags/#dns-over-https into the address bar to find the relevant setting.
This currently doesn’t seem to work on Opera’s mobile versions.
Enable DNS over HTTPS in Vivaldi (Chromium)
This highly-customizable productivity browser has been bouncing around the Web for a while, and thanks to its Chromium codebase, it’s pretty easy to set Vivaldi to DNS over HTTPS.
Just enter vivaldi://flags/#dns-over-https into the address bar.
Vivaldi’s mobile beta does not currently include a DoH option.
Other Chromium-based browsers
If you’re using any other type of Chromium-based browser, you can just follow the pattern above; it applies pretty much universally.
You may have noticed that Chromium browsers don’t give you the option to choose your own DNS provider. Currently, setting the flag to “enabled” defaults to Cloudflare, but if you really want to manually change it, you can follow the instructions below.
1. Right-click your Chrome/Chromium shortcut (on your desktop, most likely).
2. In the “target” box, go all the way to the end of the string ending in “Chrome.exe,” put a space after the quotation mark, and paste in:
--enable-features="dns-over-https<DoHTrial" --force-fieldtrials="DoHTrial/Group1" --force-fieldtrial-params="DoHTrial.Group1:server/https%3A%2F%2F1.1.1.1%2Fdns-query/method/POST"
3. That “1.1.1.1” IP address is Cloudflare’s service. Replace it with the address from whichever provider you prefer.
4. Click “Apply” and relaunch the browser.
In future versions, Chrome and Chromium-based browsers plan to support multiple DNS providers.
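When swapping in another provider, the server value has to stay percent-encoded, because `/` separates keys and values inside the params string. This added example (not from the original article) builds the three switches for a given endpoint and reads the configured server back out of a shortcut target so the result can be checked. The function names are chosen here, `https://doh.example/dns-query` is a placeholder provider, and the sample target is constructed.

```python
import re
from urllib.parse import quote, unquote, urlsplit

def doh_switches(server_url: str) -> str:
    """Build the three switches from step 2 for a given DoH endpoint."""
    parts = urlsplit(server_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("DoH endpoint must be an https:// URL")
    # '/' separates keys and values inside the params string, so the URL's
    # own ':' and '/' have to be percent-encoded (safe="" escapes both).
    server = quote(server_url, safe="")
    return ('--enable-features="dns-over-https<DoHTrial" '
            '--force-fieldtrials="DoHTrial/Group1" '
            '--force-fieldtrial-params='
            f'"DoHTrial.Group1:server/{server}/method/POST"')

PARAMS_RE = re.compile(
    r'--force-fieldtrial-params="?DoHTrial\.Group1:([^"\s]+)')

def configured_doh(target: str):
    """Return the DoH server and method set in a shortcut target, or None."""
    match = PARAMS_RE.search(target)
    if match is None:
        return None                       # no DoH override on this shortcut
    fields = match.group(1).split("/")
    params = dict(zip(fields[0::2], fields[1::2]))   # key/value/key/value
    return {key: unquote(value) for key, value in params.items()}

# Constructed sample target; doh.example is a placeholder provider.
SAMPLE_TARGET = (r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                 + doh_switches("https://doh.example/dns-query"))

if __name__ == "__main__":
    print(SAMPLE_TARGET)
    print(configured_doh(SAMPLE_TARGET))
```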
Browsers that do not currently support DNS over HTTPS
- Internet Explorer
Testing DNS over HTTPS
Once you have your DNS all set up, you can see if it’s working!
Your first option is visiting 1.1.1.1/help to use Cloudflare’s testing service. The DNS over HTTPS section should say “Yes.”
Alternatively, you can check using DNSLeakTest, which should show you something other than your own location and internet provider.
What if it’s not working?
If you’ve enabled DNS over HTTPS in a browser and it’s not passing the tests, you can try Googling and troubleshooting, but since it’s a fairly new technology and not even properly rolled out in a lot of browsers yet, you may not find many answers. Until your preferred browser releases a stable build that supports it (and that’s likely to come soon), your most bug-free option for DoH connections is Firefox.