Secure DNS in Microsoft Edge
Protect your DNS queries from ISP monitoring and tampering by enabling encrypted DNS (DoH) on Microsoft Edge. This guide walks you through each step with real settings and menu paths.
Last updated
Why Enable Encrypted DNS on Microsoft Edge?
By default, DNS queries are sent in plain text over UDP port 53. This means your ISP, network administrator, or anyone on your local network can see every domain you visit. Encrypted DNS solves this by wrapping your DNS queries in TLS or HTTPS encryption.
- DNS-over-HTTPS (DoH) sends DNS queries inside HTTPS on port 443 — the same port used for web traffic. This makes it very difficult to block or detect.
- DNS-over-TLS (DoT) sends DNS queries encrypted via TLS on port 853. It is a dedicated protocol that is easier for network admins to manage but may be blocked on some networks.
This guide shows you how to configure DoH on Microsoft Edge.
Step-by-Step Setup Instructions
Follow these steps to enable encrypted DNS on Microsoft Edge:
-
Open Edge Settings
Click the three-dot menu in the top-right corner of Microsoft Edge and select Settings. Alternatively, type edge://settings in the address bar. -
Navigate to Security settings
In the left sidebar, click Privacy, search, and services. Scroll down to the Security section. -
Enable Secure DNS
Find Use secure DNS to specify how to lookup the network address for websites and toggle it on. -
Choose a DNS provider
Select Choose a service provider. Enter or select a DoH provider: Cloudflare (https://cloudflare-dns.com/dns-query), Google (https://dns.google/dns-query), Quad9 (https://dns.quad9.net/dns-query), or OpenDNS. -
Verify the configuration
Visit a DNS leak test site in Edge. The results should show your chosen DNS provider. You can also check edge://net-internals/#dns for DNS resolver details.
After configuring encrypted DNS, it is recommended to clear your DNS cache and test the configuration using a DNS leak test site.
Recommended Encrypted DNS Providers
These providers support encrypted DNS and are compatible with Microsoft Edge:
| Provider | Primary IP | Secondary IP | DoH URL | DoT Hostname | |
|---|---|---|---|---|---|
| Cloudflare | 1.1.1.1 |
1.0.0.1 |
https://cloudflare-dns.com/dns-query |
one.one.one.one |
|
8.8.8.8 |
8.8.4.4 |
https://dns.google/dns-query |
dns.google |
||
| Quad9 | 9.9.9.9 |
149.112.112.112 |
https://dns.quad9.net/dns-query |
dns.quad9.net |
Verify Your Encrypted DNS Setup
After configuring encrypted DNS on Microsoft Edge, run our DNS Privacy Check to verify your queries are encrypted and your ISP cannot see your DNS traffic.
Run DNS Privacy CheckEncrypted DNS Guides for Other Platforms
Set up encrypted DNS on all your devices for comprehensive protection:
- Windows 11 (DoH)
- macOS (DoH & DoT)
- Android (DoT)
- iPhone & iPad (DoH & DoT)
- Firefox (DoH)
- Chrome (DoH)
- Linux (systemd-resolved) (DoT)
- Unbound (DoT)
- Router (DoH & DoT)
Related Resources
Frequently Asked Questions
Is Microsoft Edge Secure DNS the same as Windows 11 DoH?
No. Edge Secure DNS only encrypts DNS queries made within Edge. Windows 11 DNS-over-HTTPS encrypts DNS for all applications system-wide. For complete protection, enable both: Windows 11 DoH for system-wide coverage and Edge Secure DNS as an additional browser-level layer.
Does Edge Secure DNS work on macOS and Linux?
Yes. Microsoft Edge supports Secure DNS on all desktop platforms including Windows, macOS, and Linux. The settings are in the same location: Privacy, search, and services > Security > Use secure DNS.
Why did Edge disable my Secure DNS setting?
Enterprise-managed Edge installations may have Secure DNS controlled by group policy. Additionally, Edge may disable Secure DNS on networks that use DNS-based content filtering to avoid breaking network policies. Check edge://policy for any applied policies.