Windows 11 comes pre-registered with a list of popular public Domain Name System (DNS) servers that Windows can connect to in order to resolve network addresses. However, the default settings do not automatically use the more secure DNS protocol known as DNS-over-HTTPS (DoH) for these public DNS servers.
This tech tip shows you how to do a one-time configuration so that the Windows client automatically uses DoH for the public DNS servers provided by Google and Cloudflare.
PowerShell Cmdlet Official Documentation
Official Documentation to setup Cloudflare public DNS
Open Terminal (Admin). A Windows PowerShell terminal will appear.
Copy and paste the following commands to enable DoH for Google public DNS.
Set-DnsClientDohServerAddress -ServerAddress '8.8.8.8' -AutoUpgrade $True;
Set-DnsClientDohServerAddress -ServerAddress '2001:4860:4860::8888' -AutoUpgrade $True;
Set-DnsClientDohServerAddress -ServerAddress '8.8.4.4' -AutoUpgrade $True;
Set-DnsClientDohServerAddress -ServerAddress '2001:4860:4860::8844' -AutoUpgrade $True
Copy and paste the following commands to enable DoH for Cloudflare public DNS.
Set-DnsClientDohServerAddress -ServerAddress '1.1.1.1' -AutoUpgrade $True;
Set-DnsClientDohServerAddress -ServerAddress '2606:4700:4700::1111' -AutoUpgrade $True;
Set-DnsClientDohServerAddress -ServerAddress '1.0.0.1' -AutoUpgrade $True;
Set-DnsClientDohServerAddress -ServerAddress '2606:4700:4700::1001' -AutoUpgrade $True
Verify that the Windows entries for the Google and Cloudflare public DNS servers have the AutoUpgrade column set to True.
Get-DnsClientDohServerAddress
You should see output similar to the following.
ServerAddress        AllowFallbackToUdp AutoUpgrade DohTemplate
-------------        ------------------ ----------- -----------
149.112.112.112      False              False       https://dns.quad9.net/dns-query
9.9.9.9              False              False       https://dns.quad9.net/dns-query
8.8.8.8              False              True        https://dns.google/dns-query
8.8.4.4              False              True        https://dns.google/dns-query
1.1.1.1              False              True        https://cloudflare-dns.com/dns-query
1.0.0.1              False              True        https://cloudflare-dns.com/dns-query
2001:4860:4860::8844 False              True        https://dns.google/dns-query
2001:4860:4860::8888 False              True        https://dns.google/dns-query
2606:4700:4700::1001 False              True        https://cloudflare-dns.com/dns-query
2606:4700:4700::1111 False              True        https://cloudflare-dns.com/dns-query
2620:fe::9           False              False       https://dns.quad9.net/dns-query
2620:fe::fe          False              False       https://dns.quad9.net/dns-query
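AutoUpgrade only takes effect for a resolver that a network adapter is actually configured to use, so the registry listing alone does not show whether lookups are encrypted. The following script is an added example, not part of the original tip: it checks the entries set above against the addresses and templates shown on this page, then lists every DNS server configured on each adapter and whether it will be upgraded to DoH.

```powershell
# Added example: audit DoH auto-upgrade coverage. Run in Terminal (Admin).
# $expected is built from the addresses and templates shown on this page.
$expected = @{
    '8.8.8.8'              = 'https://dns.google/dns-query'
    '8.8.4.4'              = 'https://dns.google/dns-query'
    '2001:4860:4860::8888' = 'https://dns.google/dns-query'
    '2001:4860:4860::8844' = 'https://dns.google/dns-query'
    '1.1.1.1'              = 'https://cloudflare-dns.com/dns-query'
    '1.0.0.1'              = 'https://cloudflare-dns.com/dns-query'
    '2606:4700:4700::1111' = 'https://cloudflare-dns.com/dns-query'
    '2606:4700:4700::1001' = 'https://cloudflare-dns.com/dns-query'
}

# Index the registered DoH entries by server address for fast lookup.
$doh = @{}
Get-DnsClientDohServerAddress | ForEach-Object { $doh[$_.ServerAddress] = $_ }

# 1. Each expected resolver must be registered, auto-upgraded, point at the
#    expected template, and must not fall back to plaintext UDP.
$registry = foreach ($addr in $expected.Keys) {
    $e = $doh[$addr]
    [pscustomobject]@{
        ServerAddress = $addr
        Registered    = [bool]$e
        AutoUpgrade   = [bool]($e -and $e.AutoUpgrade)
        TemplateOk    = [bool]($e -and $e.DohTemplate -eq $expected[$addr])
        NoUdpFallback = [bool]($e -and -not $e.AllowFallbackToUdp)
    }
}
$registry | Sort-Object ServerAddress | Format-Table -AutoSize

# 2. Every DNS server an adapter is configured with should have an
#    auto-upgrade entry; anything marked False is still queried in plaintext.
$inUse = Get-DnsClientServerAddress | Where-Object { $_.ServerAddresses } | ForEach-Object {
    $alias = $_.InterfaceAlias
    foreach ($server in $_.ServerAddresses) {
        $e = $doh[$server]
        [pscustomobject]@{
            Interface  = $alias
            DnsServer  = $server
            DohUpgrade = [bool]($e -and $e.AutoUpgrade)
        }
    }
}
$inUse | Sort-Object Interface, DnsServer | Format-Table -AutoSize
```

An adapter that still lists a router or ISP resolver will show DohUpgrade as False; its DNS server setting has to be changed to one of the addresses above before the AutoUpgrade entries apply.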
If you plan to use Cloudflare 1.1.1.1 for Families DoH, you can follow the steps below to do this.
⚠️ Caution
These public DNS servers filter domain names and may degrade your network performance. Use them if you have assessed that the pros of the additional security features outweigh the cons of possibly lower performance.
Add “block malware” series of Cloudflare for Families public DNS.
Add-DnsClientDohServerAddress -ServerAddress '1.1.1.2' -DohTemplate 'https://security.cloudflare-dns.com/dns-query' -AutoUpgrade $True;
Add-DnsClientDohServerAddress -ServerAddress '1.0.0.2' -DohTemplate 'https://security.cloudflare-dns.com/dns-query' -AutoUpgrade $True;
Add-DnsClientDohServerAddress -ServerAddress '2606:4700:4700::1112' -DohTemplate 'https://security.cloudflare-dns.com/dns-query' -AutoUpgrade $True;
Add-DnsClientDohServerAddress -ServerAddress '2606:4700:4700::1002' -DohTemplate 'https://security.cloudflare-dns.com/dns-query' -AutoUpgrade $True
Add “block malware & adult content” series of Cloudflare for Families public DNS.
Add-DnsClientDohServerAddress -ServerAddress '1.1.1.3' -DohTemplate 'https://family.cloudflare-dns.com/dns-query' -AutoUpgrade $True;
Add-DnsClientDohServerAddress -ServerAddress '1.0.0.3' -DohTemplate 'https://family.cloudflare-dns.com/dns-query' -AutoUpgrade $True;
Add-DnsClientDohServerAddress -ServerAddress '2606:4700:4700::1113' -DohTemplate 'https://family.cloudflare-dns.com/dns-query' -AutoUpgrade $True;
Add-DnsClientDohServerAddress -ServerAddress '2606:4700:4700::1003' -DohTemplate 'https://family.cloudflare-dns.com/dns-query' -AutoUpgrade $True