Check & Enable Encrypted DNS

Private DNS, DNS over HTTPS, and DNS over TLS protect your lookups from snooping on public Wi-Fi and ISPs.

This guide runs entirely in your browser. No data is sent or collected.
Windows 10 & 11

Browser Check

  • Edge/Chrome: Settings → Privacy and Security → Security → Use secure DNS. Confirm it is enabled with a known provider.
  • Firefox: Settings → General → Network Settings → Enable DNS over HTTPS.

System-wide (Windows 11)

  • Settings → Network & Internet → Ethernet/Wi-Fi → DNS Server Assignment → Edit.
  • Switch to Manual, enable IPv4, turn DNS over HTTPS to On.
  • Enter DoH servers, for example 9.9.9.9 and 149.112.112.112.
macOS (Monterey or newer)
  • System Settings → Network → your connection → Details → DNS. If you see only IPs, it is unencrypted.
  • Install an encrypted DNS configuration profile from a trusted provider such as Quad9 or Cloudflare.
  • Verify under System Settings → Privacy & Security → Profiles.
Linux (systemd-resolved / NetworkManager)
  • Run resolvectl status to check DNSOverTLS status.
  • Edit /etc/systemd/resolved.conf and add: 
    DNS=9.9.9.9
DNSOverTLS=yes
  • Restart: sudo systemctl restart systemd-resolved.
iPhone / iPad (iOS 14+)
  • Settings → Wi-Fi → the network → Configure DNS → Automatic, default is unencrypted.
  • Install a DNS configuration profile from your provider, for example Quad9 or Cloudflare.
  • Verify under Settings → General → VPN & Device Management → Profile.
Android (9+)
  • Settings → Network & Internet → Private DNS.
  • Select “Private DNS provider hostname” and enter one of the following:
    • dns.quad9.net
    • one.one.one.one
    • dns.google
    • dns.adguard.com
    • <your-id>.dns.nextdns.io
Chromebook (ChromeOS)
  • Clock → Settings → Network → Wi-Fi → Name servers → Custom name servers.
  • In Chrome: Settings → Privacy & Security → Security → Use secure DNS.

Encrypted DNS Providers

The resolvers below support DNS over HTTPS and DNS over TLS. Copy any entry into your OS or browser settings.

Provider DoH Endpoint (HTTPS) DoT Hostname IPs Notes
Cloudflare https://cloudflare-dns.com/dns-query one.one.one.one 1.1.1.1, 1.0.0.1 Fast, privacy-focused, optional family profiles.
Quad9 https://dns.quad9.net/dns-query dns.quad9.net 9.9.9.9, 149.112.112.112 Blocks known malicious domains.
Google Public DNS https://dns.google/dns-query dns.google 8.8.8.8, 8.8.4.4 Reliable and globally available.
NextDNS https://dns.nextdns.io/<id> <id>.dns.nextdns.io Dynamic Custom filtering and analytics per account.
AdGuard DNS https://dns.adguard.com/dns-query dns.adguard.com 94.140.14.14, 94.140.15.15 Optional ad-blocking and family protection.
CleanBrowsing https://doh.cleanbrowsing.org/doh/security-filter/ security-filter-dns.cleanbrowsing.org 185.228.168.9, 185.228.169.9 Family-safe and adult-filter profiles available.