Your DNS server is what turns a name like example.com into an IP address. By default Windows uses your ISP's resolver, which can be slow, log your lookups, and skip encryption. Switching to a privacy-focused provider takes about a minute.
Why Change Your DNS Server?
- Privacy: stop your ISP from seeing and logging every domain you visit.
- Speed: providers like Cloudflare are often faster than ISP defaults.
- Security: resolvers like Quad9 block known malicious and phishing domains.
- Encryption: DNS over HTTPS (DoH) hides your lookups from anyone on the network.
Change DNS on Windows 11 (Settings)
- Open Settings → Network & internet.
- Select your connection: Wi-Fi or Ethernet, then click your network name.
- Next to DNS server assignment, click Edit.
- Switch the dropdown from Automatic to Manual.
- Turn IPv4 on and enter a preferred and alternate DNS, e.g.
1.1.1.1and1.0.0.1. - Set DNS over HTTPS to On (automatic template) to encrypt lookups.
- Click Save.
Change DNS on Windows 10 (Control Panel)
- Open Control Panel → Network and Sharing Center → Change adapter settings.
- Right-click your active adapter and choose Properties.
- Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
- Choose Use the following DNS server addresses and enter
1.1.1.1and1.0.0.1. - Click OK and close the dialogs.
OS-Level vs Browser-Level DNS
Browsers like Chrome and Firefox have their own "secure DNS" setting, but it only covers that browser. Changing DNS in Windows covers everything — every browser, app, and background service. For a browser-only approach instead, see how to fix DNS leaks in Chrome, Brave, and Firefox.
Verify the Change Worked
After saving, run our free DNS leak test. The DNS servers shown should now belong to your chosen provider (for example, Cloudflare) rather than your ISP. If your ISP still appears, double-check the adapter you edited, or read what DNS leaks are and why they happen.