What is Encrypted DNS (DoH) and Why It Matters

Did you know your internet provider might be selling a list of every website you visit? Here is how to make that much harder with a simple, free browser setting.

What is Encrypted DNS

If you've poked around the settings of Google Chrome, Firefox, or Safari recently, you may have seen a toggle switch suggesting you turn on "Secure DNS" or "DNS over HTTPS (DoH)."

Most people leave it alone because it sounds like a highly technical networking term reserved for server administrators.

The truth is, Encrypted DNS is one of the most useful free privacy tools available to the average internet user today. It is a real layer of defense against commercial surveillance: it stops your Internet Service Provider (ISP) from reading your DNS lookups, which is the easiest and most common way an ISP learns which sites you visit.

But to answer the question "what is encrypted DNS?", we first need to look at how your computer finds websites in the dark.

How the Internet Phonebook Works

Computers do not understand words. When you type netflix.com into your browser, your computer has absolutely no idea what "Netflix" is or where it lives on the internet.

Computers only understand IP Addresses—long strings of numbers like 198.51.100.14. (If you want to see what your own digital IP number looks like, you can use our IPv4 to IPv6 tool to inspect it).

To cross the bridge between human words and computer numbers, the internet uses the Domain Name System (DNS). Think of DNS as the phonebook of the internet. When you type netflix.com, your browser instantly sends a request to a DNS server asking, "Hey, what is the IP address for Netflix?"

The DNS server looks up the name, finds the number, and sends it back to your browser. Your browser then connects to that numerical IP address, and the Netflix homepage loads. This entire "phonebook lookup" happens in milliseconds.

The Plain-Text Privacy Problem

By default, your device uses whatever DNS server your network hands it, and on a home connection that is almost always a resolver run by your ISP (Comcast, Spectrum, AT&T, and so on).

Traditional DNS, dating back to 1983, is sent as "plain text" over UDP or TCP port 53. There is zero encryption. As your request travels from your house to your ISP's phonebook, anyone on the path between your device and that server can read exactly which name you are asking about, and your ISP sits on that path by definition.

HTTPS protects what you do on a website (nobody in the middle can see your passwords or your bank balance), but plain-text DNS hands your ISP the list of which sites you look up, in the clear, before any HTTPS connection even starts.

If you visit a political forum, a medical clinic website, or an esoteric hobby blog, your ISP's resolver can log that request. In many countries (including the US), ISPs are legally allowed to aggregate this DNS history and monetize it, typically by selling nominally anonymized advertising profiles to data brokers.

What is Encrypted DNS (DoH)?

This is the privacy gap that DNS over HTTPS (DoH), the form of Encrypted DNS built into browsers, is designed to close. (DNS over TLS, or DoT, is the other widely deployed form; the FAQ below compares them.)

DoH takes that "phonebook request" your browser makes and wraps it in the same TLS encryption that HTTPS uses for banking websites, then sends it as an ordinary HTTPS request (the format is standardized in RFC 8484) to a resolver you choose, such as Cloudflare's 1.1.1.1 or Google's 8.8.8.8, instead of to your ISP's resolver. Note what this does and does not do: it does not remove a party that can see your lookups, it changes which party that is. Pick a resolver whose privacy policy you have actually read.

When you use Encrypted DNS, your ISP can still tell that you are online and that you are talking to a DNS resolver over HTTPS, but the names you look up travel inside the encrypted channel, so the ISP cannot log them from your DNS traffic. Two caveats matter. First, the ISP still sees the IP addresses you connect to afterwards, and the TLS handshake to most websites still carries the server name (SNI) in the clear unless the site and browser support Encrypted Client Hello, so Encrypted DNS raises the cost of profiling you rather than making it impossible. Second, the resolver you chose now sees every lookup in place of your ISP; you have moved your trust, not eliminated it.

How to Enable It Right Now

The best part about Encrypted DNS is that it is completely free and already built into your browser. It just takes 30 seconds to turn on.

In Google Chrome:

  1. Go to Settings > Privacy and security.
  2. Click on Security.
  3. Scroll down to the "Advanced" section and find "Use secure DNS".
  4. Toggle it on. The default choice, "With your current service provider", only upgrades to DoH if your existing resolver happens to support it, so pick a named provider from the drop-down menu instead (Cloudflare 1.1.1.1 is a common choice for its speed and published privacy policy).

In Firefox:

  1. Go to Settings > Privacy & Security.
  2. Scroll all the way down to the DNS over HTTPS section.
  3. Change the setting from "Default Protection" to Increased Protection or Max Protection. Increased Protection uses DoH but falls back to your system's normal DNS if the encrypted resolver fails (this is network.trr.mode 2 in about:config); Max Protection (network.trr.mode 3) never falls back, so a lookup DoH cannot answer simply fails rather than leaking to your ISP.
  4. Select Cloudflare from the provider menu.

Is Encrypted DNS the same as a VPN?

No. While they are both privacy tools, they solve different problems.

As we learned, Encrypted DNS acts like putting your internet phonebook requests into a sealed envelope. Your ISP can't read the envelope's contents, but it still sees which addresses you connect to afterwards, and the final website you visit (Netflix) still sees your real home IP address.

A VPN (Virtual Private Network), on the other hand, acts like a digital middleman. It encrypts all your traffic (including DNS) and routes it through the VPN provider's server, so websites see that server's address instead of yours. Your ISP then sees only an encrypted tunnel to the VPN, but the VPN provider now sees everything the ISP used to; as with choosing a DNS resolver, you are deciding whom to trust, not removing trust altogether.

  • Use Encrypted DNS if: You want to stop your ISP from tracking and selling your browsing history, but you don't want to pay for a VPN or deal with a VPN slowing your internet speeds down.
  • Use a VPN if: You need to hide your real physical location from the websites you visit (like unblocking geo-restricted streaming content) or you are working on untrusted public Wi-Fi.

(Note: After changing network settings, our Security Tools can help you confirm nothing else broke: the network tabs check your local connectivity, and the MD5 hashing tool lets you confirm a downloaded file matches its published checksum. Bear in mind that MD5 catches accidental corruption but is not a defense against deliberate tampering.)

The Bottom Line

In the modern age, data is currency, and ISPs have realized that monitoring user DNS requests is a lucrative business. By taking two minutes to enable Encrypted DNS in your browser settings, you take away the cheapest source of that data and get a real privacy improvement without spending a dime.

Frequently Asked Questions

Does Encrypted DNS break ad-blockers?

If you use a browser-based ad-blocker (like uBlock Origin), Encrypted DNS works perfectly with it. However, if you use a network-wide DNS ad-blocker (like a Raspberry Pi running Pi-hole), enabling browser-level DoH sends your lookups straight to the external resolver and bypasses the Pi-hole, so ads reappear. The fix is either to leave the browser setting at its default so it keeps using the Pi-hole, or to point the Pi-hole itself at an encrypted upstream (for example with cloudflared or unbound), which gives you ad blocking on your network and encrypted lookups to the outside world at the same time.

Why didn't my browser turn this on by default?

Major browsers are turning it on by default cautiously. Firefox has enabled DoH by default for US users since 2020, and Chrome automatically upgrades to DoH when your current resolver is known to support it. The complication is that many networks rely on their own resolver: corporate and hospital intranets have internal names that do not exist on the public internet, and schools and homes use DNS-based filtering or parental controls. Sending those lookups to Cloudflare would break them, so browsers back off on managed devices and when enterprise policies are set, and Firefox also checks a "canary domain" (use-application-dns.net) that a network operator can block to ask it not to switch on DoH by default. These opt-outs only affect the default; a setting you enable yourself stays on.

What is the difference between DoH and DoT?

Both encrypt the same DNS messages with TLS; they differ in framing and port. DoT (DNS over TLS, RFC 7858) runs on its own port, 853, with each message prefixed by a two-byte length. DoH (DNS over HTTPS, RFC 8484) carries the message inside an HTTP request on port 443, so it blends in with ordinary web traffic. DoT has marginally less overhead because there is no HTTP layer, but in practice both are fast enough that you will not notice. The real difference is how easy each is to block: a network that wants to force you onto its own resolver can block port 853 outright, whereas blocking DoH means blocking specific resolver hostnames or IP addresses, which is more work. Neither is invisible, though: an administrator can still see which resolver you connect to.


Written by the Footprint Team

We believe privacy is a fundamental human right. Understand your digital footprint by testing your connection against our free Network Utilities →.