How to Enable Secure DNS in Chrome

Why Enable Encrypted DNS on Chrome?

By default, DNS queries are sent in plain text over UDP port 53. This means your ISP, network administrator, or anyone on your local network can see every domain you visit. Encrypted DNS solves this by wrapping your DNS queries in TLS or HTTPS encryption.

• DNS-over-HTTPS (DoH) sends DNS queries inside HTTPS on port 443 — the same port used for web traffic. This makes it very difficult to block or detect.
• DNS-over-TLS (DoT) sends DNS queries encrypted via TLS on port 853. It is a dedicated protocol that is easier for network admins to manage but may be blocked on some networks.

This guide shows you how to configure DoH on Chrome.

Step-by-Step Setup Instructions

Follow these steps to enable encrypted DNS on Chrome:

1. Open Chrome Settings
   Click the three-dot menu in the top-right corner of Chrome and select Settings. Alternatively, type chrome://settings in the address bar and press Enter.
2. Navigate to Security settings
   In the left sidebar, click Privacy and security, then click Security.
3. Enable Secure DNS
   Scroll down to the Advanced section. Find Use secure DNS and toggle it on. By default, Chrome uses your current DNS provider if it supports DoH (opportunistic mode).
4. Choose a specific provider
   Select With: Customized and choose a provider from the dropdown: Cloudflare (1.1.1.1), Google (Public DNS), OpenDNS, or CleanBrowsing. You can also enter a custom DoH URL.
5. Verify Secure DNS is working
   Visit chrome://net-internals/#dns to see the DNS resolver configuration. Run a DNS leak test from within Chrome to confirm your chosen provider is handling queries. The test should show your selected provider instead of your ISP.

After configuring encrypted DNS, it is recommended to clear your DNS cache and test the configuration using a DNS leak test site.

Recommended Encrypted DNS Providers

These providers support encrypted DNS and are compatible with Chrome:

Verify Your Encrypted DNS Setup

After configuring encrypted DNS on Chrome, run our DNS Privacy Check to verify your queries are encrypted and your ISP cannot see your DNS traffic.

Encrypted DNS Guides for Other Platforms

Set up encrypted DNS on all your devices for comprehensive protection:

• Windows 11 (DoH)
• macOS (DoH & DoT)
• Android (DoT)
• iPhone & iPad (DoH & DoT)
• Firefox (DoH)
• Microsoft Edge (DoH)
• Linux (systemd-resolved) (DoT)
• Unbound (DoT)
• Router (DoH & DoT)

Related Resources

• DoH vs DoT: Which encrypted DNS protocol should you use?
• DNS Privacy & Security Check tool
• Best private DNS servers
• All DNS guides
• Browse DNS servers by country

Frequently Asked Questions

Does Chrome Secure DNS encrypt all my DNS queries?

Chrome Secure DNS only encrypts DNS queries made by Chrome. Other browsers and applications on your device still use system DNS settings. For full protection, enable encrypted DNS at the OS level (Windows 11, macOS, Android, iOS) or on your router.

Why does Chrome say "Your current service provider" for Secure DNS?

In default (opportunistic) mode, Chrome checks if your ISP DNS server supports DoH. If it does, Chrome uses the encrypted version automatically. If not, queries remain unencrypted. Switch to "With: Customized" and select a known DoH provider for guaranteed encryption.

Does Secure DNS work in Chrome on mobile?

Yes. Chrome for Android supports Secure DNS in the same settings location (Settings > Privacy and security > Use secure DNS). On iOS, Chrome Secure DNS works when a DoH provider is configured. On Android, you can also use the system-wide Private DNS setting.

Can my employer or school disable Secure DNS in Chrome?

Yes. Chrome enterprise policies can disable or configure Secure DNS centrally. Managed Chrome installations may have Secure DNS locked to a specific provider or disabled entirely. This is indicated by "managed by your organization" in Chrome settings.