Windows 11 DoH Configuration Not Working in Browser

Eric 20 Reputation points
2024-10-04T08:42:55.74+00:00

Problem

I have configured the use of the DoH protocol in the network settings of Windows 11 and set the browser to use the system default secure DNS, but the browser still uses the DNS protocol instead of the DoH protocol. Only when I set DoH directly in the browser does it work successfully.

So, what’s the purpose of configuring DoH at the system level? Does only the system's own applications use the DoH protocol?

Steps to reproduce

1. Configure DoH in Windows Settings

2. Set Edge to Use the System Default Secure DNS

3. Open www.example.com in Edge and Use Wireshark to Verify if DoH is Being Used


Accepted answer
  1. ShiJieLi-MSFT 11,271 Reputation points Microsoft Vendor
    2024-10-05T05:35:53.92+00:00

    Hi @Eric,

    The option "Use current service provider" means DoH will only be used if the user's OS DNS provider is known to support DoH. Please check whether your OS DNS provider meets the prerequisite. If not, you may explicitly configure a DoH provider in "Choose a service provider".


    Best Regards,

    Shijie Li

    1 person found this answer helpful.
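
One way to check the operating-system side of this, as an added example that is not part of the original answer: the PowerShell below lists the DNS servers on each connected adapter and shows whether Windows has a DoH template registered for each one. It only reads the list returned by Get-DnsClientDohServerAddress and does not inspect the browser's settings; the report column names are chosen for this example.

```powershell
# Added example: compare each connected adapter's DNS servers with the DoH
# templates registered in Windows. Read-only; it changes no settings.

# DoH entries reported by Windows, indexed by server IP address.
$doh = @{}
foreach ($entry in Get-DnsClientDohServerAddress) {
    $doh[$entry.ServerAddress] = $entry
}

# Adapters that are currently connected.
$active = Get-NetAdapter | Where-Object Status -eq 'Up'

$report = foreach ($adapter in $active) {
    # Returns one object per address family (IPv4 and IPv6).
    $dns = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex
    foreach ($family in $dns) {
        foreach ($ip in $family.ServerAddresses) {
            $known = $doh[$ip]
            [pscustomobject]@{
                Interface          = $adapter.Name
                DnsServer          = $ip
                InDohList          = [bool]$known
                DohTemplate        = if ($known) { $known.DohTemplate } else { $null }
                AutoUpgrade        = if ($known) { $known.AutoUpgrade } else { $null }
                AllowFallbackToUdp = if ($known) { $known.AllowFallbackToUdp } else { $null }
            }
        }
    }
}

$report | Format-Table -AutoSize

# Flag configured servers that do not appear in the DoH list at all.
$missing = $report | Where-Object { -not $_.InDohList }
if ($missing) {
    $ips = ($missing.DnsServer | Sort-Object -Unique) -join ', '
    Write-Warning "Not in the Get-DnsClientDohServerAddress list: $ips"
}
```

A server flagged by the warning is the one to compare against the provider configured in Windows Settings or in the browser.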

1 additional answer

  1. Esteban Perez 0 Reputation points
    2025-01-31T01:26:28.01+00:00

    My Windows 11 machine (Windows 11 Pro - 24H2 - 26100.2894) configuration:

    You can use any other DNS Server provider with DOH enabled.

    I hope it can help you. I set up DOH (port 443) on my Windows 11 machine (Windows 11 Pro - 24H2 - 26100.2894) and it was working very well. But:

    Because I need to use PowerShell commands like Resolve-DnsName, I need to resolve DNS using port 53.

    I tried several posted solutions and finally found one: using Group Policy.

    I opened the Local Group Policy Editor:

    • Go to Local Computer Policy --> Computer Configuration --> Administrative Templates --> Network --> DNS Client
    • Double-click Configure encrypted name resolution.

    Options:

    • Only need DOH: Require Encryption / Allow DOH / Block DOT
    • Only need DOT: Require Encryption / Block DOH / Allow DOT
    • Suggestion: Allow Encryption / Allow DOH / Allow DOT (It works for me)

    Additionally (optional):

    • Double-click DNS Servers and add the DNS server IPs.