DNS over HTTPS ( DoH ) 是一种隐私功能,在Windows 10中可以使用多种方法,但从来都不是允许任何消费者使用它的选项。这在Windows 11中发生了变化。Windows 网络设置(Windows Network Settings)现在允许消费者从未加密的网络切换到完全加密。此手机将显示您可以在Windows 11中使用(Windows 11)DNS over HTTPS隐私功能。
什么是基于 HTTPS 的 DNS?
我相信我们大多数人现在在访问网站时都知道HTTPS 。DNS查询也采用了同样的方法。每次访问网站时,请求都会通过安全、加密的网络发送到DNS或域名解析(Domain Name Resolution)服务器。此方法可确保中间攻击中的任何人都无法篡改请求并将您带到受感染的网站。
如何在Windows 11中使用(Windows 11)DNS over HTTPS ( DoH )
- 打开 Windows 设置 (Win + I)
- 点击网络和互联网
- 根据 PC 或笔记本电脑(Laptop)的连接方式,单击以太网(Ethernet)或无线(Wireless)
- 它将显示以太网(Ethernet)或WiFi设置,并显示允许您修改网络的所有控制选项。单击(Click)DNS服务器分配旁边的编辑按钮。(Edit)
- 一旦Edit DNS settings 窗口出现,使用下拉菜单从Automatic切换到Manual允许您使用DoH。选择 Manual(Select Manual),然后打开IPv4或IPv6,具体取决于您在 PC 上使用的内容。
- 接下来,输入DoH服务器 IP 地址,然后从首选DNS Encryption中选择Encrypted Only。对备用 DNS(Alternate DNS)重复相同的操作。您甚至可以通过使用Google DNS作为主要 DNS 和Cloudflare DNS作为次要混合匹配。
最后,单击(Click)“保存(Save)”按钮完成更改。发布此消息后,从浏览器或应用程序进行的任何查询都将使用DNS over HTTPS。
在网络设置中,您应该在(Network Setting)IPv4或IPv6 DNS 服务器(IPv6 DNS Servers)旁边看到已加密(Encrypted)。
Windows中可用的(Windows)DNS 加密(DNS Encryption)选项类型有哪些
- 未加密 - 默认未加密DNS。
- 加密 - 仅使用 DoH 服务器。
- 加密首选,仅未加密 - 第一个首选是DoH,但如果它不可用,它将使用未加密的DNS 。
在 Windows 上运行的DNS Over HTTPS(DNS Over HTTPS)服务列表
有大量的DoH可用,虽然其中大多数都可以使用,但建议使用流行的,例如Cloudflare(1.1.1.1 和 1.0.0.1)、Google(8.8.8.8 和 8.8.8.4)和Quad9( 9.9.9.9 和 149.112.112.112) DNS服务器。
如何通过组策略启用 DoH
如果您喜欢对所有事情使用组策略(Group Policy),或者您是需要通过组策略(Group Policy)管理计算机的 IT 管理员,那么可以使用组(Group)策略来控制(Policies)基于 HTTPS(HTTPS)的DNS。这适用于所有Windows版本,包括Home,但您需要在 Windows Home 版本上启用它。(enable it on the Windows Home version.)
按Win + R打开运行提示
键入gpedit.msc并按 Enter 键。
在GP Editor中,导航到以下路径。
Computer Configuration > Administrative Templates > Network > DNS Client
接下来,找到策略——DNS 服务器——并设置 IP 地址
应用更改,您就可以开始了。
如何使用注册表方法启用(Registry Method)DoH
虽然您可以遵循我们在 Windows 10 中使用的相同方法(same method which we used in Windows 10),但您不需要它,因为通过设置可以使用DoH 。它涉及在注册表中创建一个DWORD—EnableAutoDoh 。(DWORD—EnableAutoDoh—in)
您应该使用基于 HTTPS 的 DNS 吗?
是的。重要的是,您的ISP、任何软件或任何其他人都不能将您从计算机查询的内容欺骗到DNS。它确保您不会被定向到可以窃取您的数据的网站。
阅读(Read):如何在 Windows 11 上启用或禁用 Wi-Fi 和以太网适配器。(Enable or Disable Wi-Fi and Ethernet adapter)
ISP 可以通过 HTTPS 看到 DNS 吗?
不,他们不能,因为您没有使用他们的DNS。虽然他们对网站进行人工监控,但ISP(ISPs)不能以任何方式妥协这一点。
HTTPS 上的 DNS 更快吗?
有可能。DNS表示域名解析器(Domain Name Resolver),它越快,您连接到网站和资源的速度就越快。Cloudflare和Google以最快的DNS提供商而闻名,它们将改善您的体验。
我如何知道我的DNS是否在使用HTTPS?
Cloudflare 提供了一个(Cloudflare offers a webpage)可以检查此设置的网页。当您访问该页面时,单击检查(Check)我的浏览器,它将显示任何缺少的安全措施。如果您不想使用
有趣的是,曾经在Windows 10的一个内部版本中启用了基于 HTTPS 的 DNS,但后来被取消了(HTTPS)。(DNS)如果他们选择在未来再次启用它也就不足为奇了。不用说,您应该放弃本地 ISP 的DNS IP地址并选择Google Cloudflare DNS,它在Windows 11或任何其他操作系统中提供DNS over HTTPS隐私功能。
提示(TIP):也可以在 Firefox、Chrome、Edge、Opera等中启用基于 HTTPS 的 DNS 。(enable DNS over HTTPS in Firefox, Chrome, Edge, Opera)
How to use the DNS over HTTPS privacy feature in Windows 11
DNS over HTTPS (DoH) is a privacy feature that was possible in Windows 10 using multiple methods but was never an option that allows any consumer to use this. This has changed in Windows 11. Windows Network Settings now allows consumers to switch to fully encrypted from an unencrypted network. This phone will show you can use the DNS over HTTPS privacy feature in Windows 11.
What is DNS-over-HTTPS?
I am sure most of us now know HTTPS when visiting a website. The same has been implemented for DNS queries. Every time you access a website, the request is sent over a secure, encrypted network to the DNS or Domain Name Resolution server. This method makes sure no man in the middle attack can tamper with the request and take you to a compromised website.
How to use the DNS over HTTPS (DoH) in Windows 11
- Open Windows Settings (Win + I)
- Click on Network and Internet
- Depending on how PC or Laptop connected, click on Ethernet or Wireless
- It will reveal the Ethernet or WiFi settings and reveal all the control options that allow you to modify the network. Click on the Edit button next to the DNS server assignment.
- Once the Edit DNS settings window shows up, switch from Automatic to Manual using the dropdown allowing you to use DoH. Select Manual, and then toggle on IPv4 or IPv6, depending on what you are using on your PC.
- Next, type in the DoH server IP address, and then from the preferred DNS Encryption, select Encrypted Only. Repeat the same for Alternate DNS. You can even mix-match by using Google DNS as primary and Cloudflare DNS as secondary.
Finally, Click on the Save button to complete the changes. Post this, any query made from the browser or application will be using DNS over HTTPS.
In the Network Setting, you should see Encrypted next to the IPv4 or IPv6 DNS Servers.
What are the types of DNS Encryption options available in Windows
- Unencrypted—Default unencrypted DNS.
- Encrypted—Use DoH servers only.
- Encrypted preferred, unencrypted only—The first preference is DoH, but it will use the unencrypted DNS if it’s unavailable.
List of DNS Over HTTPS services that work on Windows
There are tons of DoH available, and while most of them will work, it is recommended to use the popular ones such as Cloudflare (1.1.1.1 and 1.0.0.1 ), Google ( 8.8.8.8 and 8.8.8.4 ), and Quad9 (9.9.9.9 and 149.112.112.112) DNS servers.
How to enable DoH via Group Policy
If you love to use Group Policy for everything or if you are an IT admin who needs to manage computers via Group Policy, then DNS over HTTPS can be controlled using Group Policies. This works on all Windows versions, including Home, but you need to enable it on the Windows Home version.
Press Win + R to open the Run prompt
Type gpedit.msc and press the Enter key.
In the GP Editor, navigate to the following path.
Computer Configuration > Administrative Templates > Network > DNS Client
Next, locate the policy—DNS servers—and set the IP address
Apply the changes, and you are good to go.
How to enable DoH using Registry Method
While you can follow the same method which we used in Windows 10, but you don’t need it as DoH is available through the settings. It involves the creation of a DWORD—EnableAutoDoh—in the registry.
Should you use DNS over HTTPS?
Yes. It is important that not your ISP, not any software, or anybody else can spoof what you are querying from the computer to DNS. It makes sure you are not directed to a website that can steal your data.
Read: How to Enable or Disable Wi-Fi and Ethernet adapter on Windows 11.
Can ISP see DNS over HTTPS?
No, they cannot because you are not using their DNS. While they man monitors the website, but ISPs can not in any way compromise this.
Is DNS over HTTPS faster?
It can be. DNS means Domain Name Resolver, and the faster it is, the faster you connect to the website and resource. Cloudflare and Google are known to be the fastest DNS providers, and they will improve your experience.
How do I know if my DNS is working HTTPS?
Cloudflare offers a webpage that can check this setting. When you visit the page, click on Check my browser, and it will reveal any missing security measures. If you do not want to use
It is interesting to note that DNS over HTTPS was once enabled in Windows 10 in one of the insider builds but was taken away. It wouldn’t be surprising if they chose to enable it again in the future. It goes without saying that you should ditch your local ISP’s DNS IP address and choose Google, Cloudflare DNS, which offers DNS over HTTPS privacy feature in Windows 11 or any other OS.
TIP: It is also possible to enable DNS over HTTPS in Firefox, Chrome, Edge, Opera, etc.
