Did you hear about DNS over HTTPS? Do you want to know what DoH is? Why is this new security standard that encrypts DNS requests important, and why should you use it? In this guide, we answer all these questions, and show you how to enable DNS over HTTPS in Google Chrome, which is the most popular web browser today. There's plenty of ground to cover, so let's get started:
What is DNS over HTTPS or Secure DNS lookups?
DNS over HTTPS, or DoH, in short, is a protocol that allows secure DNS lookups over the HTTPS protocol. It sounds complicated and strange, doesn't it? In fact, it is not, and we're going to explain why:
HTTPS is an improved and more secure version of the HTTP protocol. HTTP, or Hypertext Transfer Protocol, is the base on which data is transferred on the World Wide Web. In much simpler words, HTTP is a protocol used by websites to work and operate. HTTPS is the secure version of HTTP, which allows websites to be more secure. It also makes it harder for malicious parties to intercept communications because it encrypts traffic.
DNS is a standard that translates the IP addresses of the websites on the internet into something readable and easier to understand and remember for us humans. For example, we all know that to visit Google, we have to enter google.com in the address bar of the web browser. However, the computer or device on which you're working translates that address - google.com - into something more machine-friendly, which can be, for example, an address like 22.214.171.124. DNS handles the process of translating the human-readable name of a website into the machine-readable form. Unfortunately, DNS doesn't do this in a secure manner: the lookups are sent unencrypted, so the entire process is open to anyone with malicious intent and the knowledge to intercept or tamper with it. For more details about DNS, read: What is DNS? How do I see my DNS settings in Windows?
Because of the way DNS is designed, although websites can be more secure if they use HTTPS, hackers or anyone that is between you and the websites can eavesdrop on what websites you're visiting or what you are looking for on the web. That can be your internet service provider, but it can also be someone who has taken control of the public Wi-Fi to which you just connected.
DNS over HTTPS is going to close this security hole and encrypt the whole process that translates the names of the websites into IP addresses. Together with HTTPS, DoH or DNS over HTTPS is one of the things that are responsible for encrypting the traffic between your web browser and the websites you visit.
How to enable DNS over HTTPS in Google Chrome on Windows, Mac, Chrome OS, and Android
Regardless of whether you use Windows, Mac, Chrome OS, or Android, the steps to enable DNS over HTTPS (DoH) in Google Chrome are the same, with a few visual differences. To keep things simple, we're using screenshots taken only in Chrome on Windows 10. To enable DoH, open Google Chrome and, in its address bar, type chrome://flags/#dns-over-https. Then, press Enter on your keyboard.
You are shown a page full of experimental features and settings available in Google Chrome. The first one should be called Secure DNS lookups. Under it, Google explains that this setting "Enables DNS over HTTPS. When this feature is enabled, your browser may try to use a secure HTTPS connection to look up the addresses of websites and other web resources. – Mac, Windows, Chrome OS, Android". Click or tap on the button found on the right side, which should say "Default."
From the list of options displayed, select Enabled.
As soon as you enable the DNS over HTTPS setting, Google Chrome asks you to Relaunch it so that it can apply the change. Click or tap on the Relaunch button or close and reopen Google Chrome.
Now Google Chrome is configured to use DNS over HTTPS whenever that's possible. However, that doesn't mean that you are safe just yet. Read on to see the next steps you should take.
NOTE: In Chrome for iOS, this feature is not available yet.
Change the DNS servers on your Windows PC
Not all Internet Service Providers support DoH, and there are only a few public DNS servers that do. Two of the best providers of public DNS servers are Google and Cloudflare. Unless your internet service provider already offers support for DNS over HTTPS, Google and Cloudflare's DNS servers are your best options. The IP addresses of Google's public DNS servers are 8.8.8.8 and 8.8.4.4, while those of Cloudflare's public DNS servers are 1.1.1.1 and 1.0.0.1. If you don't know how to change your DNS servers in Windows, follow the steps we've detailed here: Change the DNS servers used by your Windows PC in 3 steps.
The quick way to do it in Windows 10 is to open the Settings app, go to Network & Internet -> Change adapter options, double-click or double-tap on your network connection, and press the Properties button. Then, double-click or double-tap on Internet Protocol version 4 (TCP/IPv4), mark the "Use the following DNS server address" option, and enter the IP addresses of the Google or Cloudflare public DNS servers that we mentioned earlier.
Once you've set the DNS servers to ones that support DNS over HTTPS, you should be all set. All that remains is for you to check whether DoH actually works on your computer or device.
How to test if DNS over HTTPS works in Google Chrome
To check whether DoH works in Google Chrome, open it, and visit Cloudflare's Browsing Experience Security Check webpage. Press the orange Check My Browser button and wait for the testing to be done.
If the Secure DNS test is marked green and says that "You are using encrypted DNS transport [...]," then you've successfully configured DNS over HTTPS for Google Chrome on your device.
Did you turn DNS over HTTPS on in Google Chrome?
As you've seen, DNS over HTTPS is quite an important protocol that many security-conscious people have waited to see implemented. Fortunately, Google Chrome now supports DoH, and enabling it is not very hard, although it does require a few steps. Did you enable DNS over HTTPS in your Google Chrome? Did you encounter any problems? Leave a comment below, and let's resolve them.