DNS over HTTPS (DoH) Tester

Test DNS over HTTPS endpoints from major providers. Enter a domain name, select DoH resolvers, and compare results and response times. Verify that encrypted DNS is working correctly from your network.

Figure 1 — DNS over HTTPS (DoH) Tester

What Is DNS over HTTPS (DoH)?

DNS over HTTPS (DoH) encrypts DNS queries by sending them over the HTTPS protocol (port 443). Instead of sending plain-text DNS queries that your ISP and network operators can intercept and read, DoH wraps them in standard HTTPS encryption, making DNS traffic indistinguishable from regular web browsing.

DoH is one of several encrypted DNS protocols designed to improve privacy. Understanding how DNS works helps you appreciate why encrypting these queries matters: every website you visit starts with a DNS lookup that reveals your browsing habits. See our guide on configuring DoH on your router for network-wide protection.
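The following is an added example, not code from this page or from the tester it describes. It builds the query a DoH client sends in the RFC 8484 GET form and parses an answer; the response bytes are constructed by hand so it runs offline, and the function names are illustrative.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS wire-format question (qtype 1 = A). ID is 0, which RFC 8484 recommends for HTTP caching."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(endpoint: str, query: bytes) -> str:
    """RFC 8484 GET form: the message is base64url-encoded without padding in `dns`."""
    return f"https://{endpoint}?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def skip_name(msg: bytes, pos: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[pos]
        if (length & 0xC0) == 0xC0:  # compression pointer: two bytes, ends the name
            return pos + 2
        if length == 0:              # root label terminates the name
            return pos + 1
        pos += 1 + length

def parse_a_records(msg: bytes) -> list:
    """Extract IPv4 addresses from the answer section of an application/dns-message body."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:               # RCODE other than NOERROR (e.g. 3 = NXDOMAIN)
        raise ValueError(f"resolver returned RCODE {flags & 0xF}")
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4            # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[pos:pos + 4]))
        pos += rdlen
    return addrs

# Constructed sample: a query for example.com and a hand-built reply (192.0.2.10 is a documentation address).
QUERY = build_query("example.com")
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0) + QUERY[12:]
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    print(doh_get_url("cloudflare-dns.com/dns-query", QUERY), parse_a_records(SAMPLE_RESPONSE))
```

To query a live resolver, request the URL with the header Accept: application/dns-message and pass the response body to parse_a_records.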

DoH vs DoT vs Traditional DNS

There are three main approaches to DNS resolution, each with different security and performance characteristics:

| Feature | Traditional DNS | DNS over TLS (DoT) | DNS over HTTPS (DoH) |
|---|---|---|---|
| Port | 53 (UDP/TCP) | 853 (TCP) | 443 (HTTPS) |
| Encryption | None | TLS 1.2/1.3 | TLS 1.2/1.3 via HTTPS |
| Blockable by network | Yes (easily) | Yes (port 853) | Difficult (same port as HTTPS) |
| ISP visibility | Full query visibility | Can detect DNS traffic | Cannot distinguish from HTTPS |
| Browser support | OS-level only | OS/app level | Native in Firefox, Chrome, Edge |
| Performance overhead | Minimal | TLS handshake | TLS + HTTP/2 overhead |

For router-level encrypted DNS, see our guides on DNS over HTTPS on routers and DNS over TLS on routers. On mobile devices, Private DNS on Android uses DoT by default.

Pro Tip: DoH is harder to block than DoT because it uses the same port (443) as regular HTTPS traffic. This makes it the better choice if you're on a network that restricts encrypted DNS. However, DoT is lighter-weight and preferred for router-level configuration. Choose based on your deployment: DoH for browsers, DoT for router settings.

DoH Provider Comparison

Each DoH provider has different privacy policies, features, and global infrastructure:

| Provider | DoH Endpoint | Privacy Policy | Special Features |
|---|---|---|---|
| Cloudflare | cloudflare-dns.com/dns-query | No logging (audited annually) | Fastest global network, WARP integration |
| Google | dns.google/dns-query | Temporary logs (24-48h) | Largest infrastructure, EDNS Client Subnet |
| Quad9 | dns.quad9.net/dns-query | No user data logging | Malware/phishing blocking, non-profit |
| OpenDNS | doh.opendns.com/dns-query | Cisco privacy policy | Content filtering, FamilyShield option |
| AdGuard | dns.adguard-dns.com/dns-query | Minimal logging | Ad/tracker blocking at DNS level |
| Mullvad | dns.mullvad.net/dns-query | No logging (privacy-focused) | No EDNS, no query name minimization leaks |

How to Enable DoH

You can enable DoH at the browser level, operating system level, or router level:

Firefox

1. Open Settings → Privacy & Security
2. Scroll to "DNS over HTTPS"
3. Select "Max Protection"
4. Choose provider (Cloudflare, NextDNS, or custom)

Chrome / Edge

1. Open Settings → Privacy and Security → Security
2. Enable "Use secure DNS"
3. Select provider or enter custom DoH URL

Windows 11

# PowerShell (admin):
Set-DnsClientDohServerAddress -ServerAddress "1.1.1.1" -DohTemplate "https://cloudflare-dns.com/dns-query" -AllowFallbackToUdp $false -AutoUpgrade $true

Router Level

Many modern routers support DoH or DoT natively. Log in to your router at 192.168.1.1 and look for DNS encryption settings. See our detailed guide on DNS over HTTPS on routers or use DNS over TLS as an alternative.

Note: Enabling DoH in your browser overrides the DNS settings configured on your router or operating system. This means network-level DNS filtering (like parental controls or corporate security policies) may be bypassed. If you want DoH for all devices, configure it at the router level instead. For comparison of resolver speeds, use our DNS Speed Benchmark.

Privacy Benefits of DoH

DNS over HTTPS addresses several privacy concerns that exist with traditional DNS:

  • ISP tracking prevention — Your ISP can no longer see which domains you query, reducing their ability to build browsing profiles. Learn more about how to hide browsing activity from your ISP.
  • Man-in-the-middle protection — Encrypted queries prevent attackers on public WiFi from intercepting or modifying DNS responses.
  • DNS hijacking prevention — Some ISPs redirect DNS queries to inject ads or block content. DoH prevents this manipulation.
  • Censorship circumvention — Since DoH traffic looks like regular HTTPS, it's harder for networks to selectively block DNS queries.

For comprehensive network privacy, combine DoH with a VPN and enable proper WiFi security on your home network.

DoH Security Considerations

While DoH improves privacy, there are important security tradeoffs to consider:

  • Centralization risk — DoH concentrates DNS queries at a few large providers, creating potential single points of surveillance or failure.
  • Enterprise security bypass — DoH can bypass corporate DNS-based security controls, making it a concern for network administrators.
  • Split-horizon DNS issues — Internal domain resolution may fail if DoH queries go to external resolvers that can't resolve private domains.
  • Malware using DoH — Some malware uses DoH to hide its command-and-control DNS queries from network security tools.

Network administrators should consider deploying their own DoH resolver internally or using DNS-level security tools that support encrypted DNS. For home users, the privacy benefits generally outweigh these concerns.
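For administrators who need visibility into the bypass described above, here is an added example (not part of the original page) that scans TLS connection logs for clients reaching public DoH endpoints instead of the sanctioned resolver. The hostnames come from the provider table on this page; the log format, the sample lines and the resolver name doh.corp.example are constructed assumptions.

```python
from collections import defaultdict

# Hostnames of the public DoH endpoints listed in this page's provider table.
PUBLIC_DOH_HOSTS = {
    "cloudflare-dns.com", "dns.google", "dns.quad9.net",
    "doh.opendns.com", "dns.adguard-dns.com", "dns.mullvad.net",
}
# Assumption: the organisation's own sanctioned DoH resolver (hypothetical name).
SANCTIONED = {"doh.corp.example"}

def doh_host(sni: str):
    """Return the public DoH hostname an SNI value belongs to, or None."""
    host = sni.strip().rstrip(".").lower()       # normalise case and trailing dot
    if host in SANCTIONED:
        return None
    for known in PUBLIC_DOH_HOSTS:
        if host == known or host.endswith("." + known):   # exact host or a subdomain of it
            return known
    return None

def unsanctioned_doh(log_lines):
    """Map client IP -> {resolver: connection count} for port-443 flows to public DoH hosts."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue                             # skip malformed lines rather than guessing
        _ts, client, sni, port = fields
        resolver = doh_host(sni)
        if port == "443" and resolver:
            hits[client][resolver] += 1
    return {client: dict(counts) for client, counts in hits.items()}

# Constructed sample log: "<timestamp> <client-ip> <tls-sni> <dst-port>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.21 www.example.org 443
2024-05-01T09:00:02Z 10.0.0.21 cloudflare-dns.com 443
2024-05-01T09:00:03Z 10.0.0.21 Mozilla.Cloudflare-DNS.com. 443
2024-05-01T09:00:04Z 10.0.0.34 doh.corp.example 443
2024-05-01T09:00:05Z 10.0.0.57 dns.quad9.net 443
2024-05-01T09:00:06Z 10.0.0.57 dns.quad9.net 853
truncated line
""".splitlines()

if __name__ == "__main__":
    for client, resolvers in sorted(unsanctioned_doh(SAMPLE_LOG).items()):
        print(client, resolvers)
```

Hostname matching only catches resolvers on the list and connections whose SNI is visible, so self-hosted DoH endpoints or clients using Encrypted Client Hello need other signals.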

Key Takeaways
  • DoH encrypts DNS queries using HTTPS, preventing ISPs and network operators from seeing your DNS traffic.
  • DoH uses port 443, making it indistinguishable from regular HTTPS traffic and harder to block than DoT.
  • Major providers (Cloudflare, Google, Quad9) offer free DoH resolvers with different privacy policies.
  • Enable DoH in your browser for per-device protection, or on your router for network-wide coverage.
  • Browser-level DoH overrides router DNS settings — use router-level configuration if you need network-wide control.
  • Combine DoH with other privacy measures for comprehensive protection against ISP tracking.

Frequently Asked Questions

Is DNS over HTTPS safe?

Yes, DoH is safe and improves your privacy by encrypting DNS queries. It prevents ISPs, public WiFi operators, and other network observers from seeing which domains you visit. Choose reputable providers like Cloudflare, Google, or Quad9 that have transparent privacy policies.

Does DoH slow down browsing?

The initial DoH connection requires a TLS handshake, which adds a small amount of latency. However, HTTP/2 persistent connections mean subsequent queries are fast. In practice, the difference is negligible — typically 1-5 ms. The privacy benefits far outweigh this minimal overhead.

Can my ISP still see my browsing with DoH?

Your ISP can no longer see your DNS queries with DoH. However, they can still see the IP addresses you connect to (via routing) and may infer the domain from the TLS Server Name Indication (SNI) field unless you also use Encrypted Client Hello (ECH). DoH is one layer of privacy, not a complete solution — a VPN provides more comprehensive protection.

What is the difference between DoH and DoT?

Both encrypt DNS queries. DoH uses HTTPS (port 443) and is harder to block since it blends with normal web traffic. DoT uses a dedicated port (853) that's easier to identify and block. DoH is better for browsers; DoT is commonly used in router and mobile configurations.

Should I use DoH or a VPN?

DoH and VPN serve different purposes. DoH only encrypts DNS queries — your ISP can still see connection metadata. A VPN encrypts all traffic including DNS. For maximum privacy, use both: a VPN for traffic encryption and DoH for DNS privacy if the VPN doesn't handle DNS.

Will DoH bypass parental controls?

If parental controls are DNS-based (like OpenDNS FamilyShield), enabling DoH in a browser will bypass them. To prevent this, configure DoH at the router level using a filtering DoH provider, or use browser management tools to disable per-application DoH settings.

Which DoH provider should I use?

Choose based on your priorities: Cloudflare (1.1.1.1) for speed and privacy, Quad9 for malware blocking, AdGuard for ad blocking, or Mullvad for maximum privacy. Run our DNS Speed Benchmark to find the fastest provider for your location.

About Tommy N.

Tommy is the founder of RouterHax and a network engineer with 10+ years of experience in home and enterprise networking. He specializes in router configuration, WiFi optimization, and network security. When not writing guides, he's testing the latest mesh WiFi systems and helping readers troubleshoot their home networks.
