How to Enable DNS Over HTTPS in Various Browsers

Dns Over Htps Feature

DNS over HTTPS (DoH) is a great new security and privacy standard for encrypting DNS requests, and most browsers will probably enable it by default in the future. Currently, though, only Firefox really makes it easy to switch on. Other browsers, if they support it at all, are mostly still treating DoH as an experimental feature, so you’ll have to go through a few extra steps to make it work.

Why should I enable DNS over HTTPS?

When you visit a site, your computer first needs to find the address of that site’s server, so it sends out a query to a DNS server asking for the IP address that connects to the name you typed in. Up until quite recently, that request could only be sent in plaintext (unencrypted data), which means third parties can theoretically read it and figure out where you’re trying to go, even if your connection to the server is encrypted with HTTPS.

DNS over HTTPS simply uses the HTTPS protocol to encrypt your DNS request so it can’t be read, which is pretty much a no-brainer in terms of making browsing more secure and private. It’s not so popular with services that want to block web traffic using DNS filtering, but that’s a different debate.

Enable DNS over HTTPS in Firefox

The first browser to support DNS over HTTPS, Firefox is also the easiest one to configure:

1. Go to “Options” or type about:preferences into the address bar.

Dns Over Https Enable Firefox

2. With the General tab selected, scroll down until you see “Network Settings.” Select “Settings …”

Dns Over Https Enable Firefox Settings

3. In the pop-up menu, scroll down again until you see “Enable DNS over HTTPS.”

Dns Over Https Enable Firefox Doh

4. Select either Cloudflare (Firefox’s default provider) or Custom, which lets you use another provider like Quad9 or Google Public DNS.

That’s it! Your DNS requests using Firefox should now be encrypted.

There’s no setting in Firefox mobile yet, but you can still enable it (at least on Android) with the following steps:

Dns Over Https Android Firefox

1. Enter about:config in the address bar.

2. Search for “network.trr.mode,” and use the up arrow button to set it to 2.

You now have DNS over HTTPS in Firefox for Android!

Enable DNS over HTTPS in Chrome/Chromium-based browsers

Chrome has DNS over HTTPS, but it’s currently listed as a “flag,” which is an experimental feature that isn’t quite ready to be rolled out to the public. Playing around with these features could cause Chrome to become unstable, but the DoH flag shouldn’t have any adverse effects. As it is an experimental feature, though, it may not always work as expected, so you shouldn’t necessarily depend on a Chromium-based browser to always be using DoH until it’s fully supported in a stable build.

If you’re interested in the other flags, you can access them by entering chrome://flags into the address bar.

The same general steps apply both to Chrome and to every browser built using the Chromium codebase. The only thing you might need to change is the browser name at the beginning (see the list below), but I’ve found that the Chrome flag actually works on almost all Chromium browsers.

Dns Over Https Enable Chrome

1. For Chrome, enter chrome://flags/#dns-over-https.

2. Find the option titled “Secure DNS lookups” and use the menu on the right to change its status to Enabled.

3. Relaunch Google Chrome to apply the setting.

This works on both the desktop and mobile versions of Chrome.

Enable DNS over HTTPS in Edge (Chromium)

Dns Over Https Enable Edge

Microsoft’s Edge browser in its EdgeHTML form does not support DNS over HTTPS, but the Chromium version does. As of November 2019, you can download and use the Chromium beta version, though, and that should be rolling out to the general public on January 15th, 2020.

When that happens you’ll be able to turn on DoH using edge://flags/#dns-over-https.

Enable DNS over HTTPS in Brave (Chromium)

Dns Over Https Enable Brave

Brave is a great privacy/ad-blocking/crypto browser, and it’s pretty much the same as Chrome in terms of turning on DNS over HTTPS.

Just enter brave://flags/#dns-over-https into the address bar.

For mobile, only chrome://flags/#dns-over-https currently works.

Enable DNS over HTTPS in Opera (Chromium)

Dns Over Https Enable Opera

Opera moved to Chromium source code in 2013, so it follows the same formula as any other Chromium browser.

Just enter opera://flags/#dns-over-https into the address bar to find the relevant setting.

This currently doesn’t seem to work on Opera’s mobile versions.

Enable DNS over HTTPS in Vivaldi (Chromium)

Dns Over Https Enable Vivaldi

This highly-customizable productivity browser has been bouncing around the Web for a while, and thanks to its Chromium codebase, it’s pretty easy to set Vivaldi to DNS over HTTPS.

Just enter vivaldi://flags/#dns-over-https into the address bar.

Vivaldi’s mobile beta does not currently include a DoH option.

Other Chromium-based browsers

If you’re using any other type of Chromium-based browser, you can just follow the pattern above; it applies pretty much universally.

You may have noticed that Chromium browsers don’t give you the option to choose your own DNS provider. Currently, setting the flag to “enabled” defaults to Cloudflare, but if you really want to manually change it, you can follow the instructions below.

Dns Over Https Enable Chrome Alternative

1. Right-click your Chrome/Chromium shortcut (on your desktop, most likely).

2. In the “target” box go all the way to end of the string ending in “Chrome.exe,” put a space after the quotation mark, and paste in --enable-features="dns-over-https<DoHTrial" --force-fieldtrials="DoHTrial/Group1" --force-fieldtrial-params="DoHTrial.Group1:server/https%3A%2F%2F1.1.1.1%2Fdns-query/method/POST.

3. That “1.1.1.1” IP address is Cloudflare’s service. Replace it with the address from whichever provider you prefer.

4. Click “Apply” and relaunch the browser.

In future versions, Chrome and Chromium-based browsers plan to support multiple DNS providers.

Browsers that do not currently support DNS over HTTPS

  • Safari
  • Internet Explorer

Testing DNS over HTTPS

Once you have your DNS all set up, you can see if it’s working!

Your first option is visiting 1.1.1.1/help to use Cloudflare’s testing service. The DNS over HTTPS section should say “Yes.”

Dns Over Https Dns Test

Alternatively, you can check using DNSLeakTest, which should show you something other than your own location and internet provider.

Dns Over Https Leak Test

What if it’s not working?

If you’ve enabled DNS over HTTPS in a browser and it’s not passing the tests, you can try Googling and troubleshooting, but since it’s a fairly new technology and not even properly rolled out in a lot of browsers yet, you may not find many answers. Until your preferred browser releases a stable build that supports it (and that’s likely to come soon), your most bug-free option for DoH connections is Firefox.

10 comments

  1. I have Chrome V 78.0.3904.97, and the Secure DNS Lookup option is not listed — did Chrome remove it with an update?

    1. Hey Mausul! The current Chrome version is 78.0.3904.108, and I still see the flag there. If you still don’t see the flag after updating your browser, I’m not sure what would be going on there. Try just going to Chrome://flags and searching for “DNS”; it might come up that way.

    2. If your browser is being managed by an organization that has set policies governing what you can do with it, that might affect your ability to access Chrome flags, though.

      1. Yup. looks like the “net nannies” have disabled this flag — I can see it on my home PC, just not at work … :-(

  2. . The flag is not available in Chromium / Linux: “Not available on your platform”.
    . Modify the shortcut/launcher: error message: quote problem

    1. I’m afraid I don’t work enough with Linux to know why that would be, and I haven’t been able to turn up any straightforward solutions to it. Sorry!

  3. This doesn’t seem to work in chrome 78.3904 on Windows Latest version as of today. Maybe it’s Beta only and while in Flags but not really working? Disabling all extensions doesn’t seem to make any difference. Oh well.

    1. I think I might have a fix for that, actually! I was playing around with my own computer’s DNS settings and I noticed that when I have the IPv4 on my Wi-Fi adapter set to Cloudflare (1.1.1.1/1.0.0.1) all the Chromium browsers come up positive for DoH on 1.1.1.1/help, but if I change the DNS to something else, it stops working. Follow their instructions here to set Cloudflare at the machine level: https://1.1.1.1/dns/

      Let me know if that helps you! If it does I might add that fix to the article.

  4. Really good article, Andrew. Thanks.

    It should be noted that when set in Firefox Options, the network.trr.mode is in default, allowing for native resolver fallback should the DoH resolve fais.

    So, it’s not as absolutely secure and private as advertised. Fallback is necessary, howerver, for the massive mainstream user base.

    The network.trr.mode 3 and network.trr.bootstrapAddress prefs remain available as of v70 and can still be set. Which is where I’ve had it with Cloudflare for almost two years without issue. Even though, I’m thinking about ultimately setting Quad9 as the fallback.

    I doubt if mode 3 bootstrap will ever make it to the Options UI.

    Knowing very little about Chrome’s implementation via the flag, I’d be surprised if there weren’t a fallback as well or if a bootstrap is or will ever be available for the user to configure.

    1. Hey Haakon! Thanks for the in-depth feedback. I didn’t think about the fallback resolver in FF–that makes sense though! Just set my bootstrapAddress to Quad9.

      As far as DoH on Chrome goes, yeah, I doubt it’s the top development priority.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.