
Securing Your Home Network with DNS-over-HTTPS
Quick Tip
Enable DNS-over-HTTPS in your browser or router settings to prevent DNS hijacking and eavesdropping.
Imagine you're browsing for a new laptop, and your ISP (Internet Service Provider) logs every single domain name you request. Even if the site itself is encrypted via HTTPS, your DNS queries—the lookups that turn a website's name into an address—are often sent in plain text. This means anyone on the path between you and your DNS resolver can see exactly where you're going. DNS-over-HTTPS (DoH) fixes this by wrapping those queries in an encrypted layer.
What is DNS-over-HTTPS?
DNS-over-HTTPS is a protocol that encrypts your DNS queries by sending them over an HTTPS connection rather than as plain-text packets. It stops your ISP or the administrator of the local network from reading the DNS queries that reveal your browsing patterns. By using port 443—the same port used for standard web traffic—it makes your DNS requests look like regular web browsing, making them much harder to single out, intercept, or tamper with.
Standard DNS is like sending a postcard through the mail; anyone handling it can read the address. DoH turns that postcard into a sealed, encrypted envelope. It's a simple way to add a layer of privacy to your daily browsing without needing expensive hardware.
How Do I Enable DoH on My Devices?
You can enable DoH by changing the DNS settings in your web browser or your operating system's network settings. Most modern browsers have this built-in, so you don't need to install extra software.
Here is how you can set it up on common platforms:
- Google Chrome: Go to Settings > Privacy and security > Security. Scroll down to "Use secure DNS" and select a provider like Cloudflare or Google.
- Mozilla Firefox: Navigate to Settings > Privacy & Security. Under "DNS over HTTPS," select "Increased Protection" or "Max Protection."
- Windows 11: Go to Settings > Network & internet > Ethernet/Wi-Fi. Click on your network properties and look for "DNS server assignment" to toggle encrypted DNS.
If you're more of a tinkerer, you might want to look at the Wikipedia entry for DoH to understand the technical handshake. For those running a home lab, you can even configure this at the router level using tools like Pi-hole or AdGuard Home.
Which DNS Providers Are Best for Privacy?
The best DNS provider depends on whether you prioritize speed, privacy, or content filtering. Most people use a handful of reliable, well-known services.
| Provider | Primary Benefit | Best For |
|---|---|---|
| Cloudflare (1.1.1.1) | Extreme Speed | General browsing and gaming |
| Google Public DNS | Reliability | Stability across many devices |
| Quad9 | Security/Malware Blocking | Protecting against malicious domains |
Choosing a provider like Cloudflare is a great move if you want to minimize latency. However, if your goal is strictly blocking malicious sites, Quad9 is a fantastic option. It's worth noting that while DoH hides your requests from your ISP, the DNS provider itself can still see your queries. If you're serious about privacy, make sure you've also looked into securing your digital life more broadly.
One thing to keep in mind—if you're using a corporate VPN, your DNS requests might still be routed through the company's infrastructure. In those cases, the DoH settings on your local machine might be overridden by the VPN client's own DNS configuration.
