
Quick Configuration Endpoints

DNS over HTTPS

https://xyz01-srv.unrulycitizen.com/dns-query

DNS over TLS

xyz01-srv.unrulycitizen.com

Windows 11 DoT Configuration Methods

Method 1: Built-in Windows Settings (Recommended)

1. Open Network Settings

Right-click the network icon in system tray → "Network and Internet settings"

2. Access Adapter Properties

Click "Advanced network settings" → "More network adapter options"

3. Open Connection Properties

Right-click your active connection → "Properties"

4. Configure DNS

Select "Internet Protocol Version 4 (TCP/IPv4)" → "Properties"

5. Set DNS Server

Select "Use the following DNS server addresses" and enter:

Preferred DNS server: 140.82.41.243 (Use your actual IP address here)

6. Enable DoT

Click "Advanced" → DNS tab → Check "Use DNS over HTTPS"

7. Configure DoT

Set dropdown to "Manual" and enter:

Template: xyz01-srv.unrulycitizen.com

Method 2: PowerShell Command (Advanced)

Run Windows PowerShell as Administrator and execute:

# Set DNS server
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "140.82.41.243"

# Enable DoT for the interface
# (Add- registers a new server entry; Set-DnsClientDohServerAddress only modifies an entry that already exists)
Add-DnsClientDohServerAddress -ServerAddress "140.82.41.243" -DohTemplate "https://xyz01-srv.unrulycitizen.com:853" -AllowFallbackToUdp $false -AutoUpgrade $true

Replace "Ethernet" with your connection name (Wi-Fi, Ethernet, etc.)

Method 3: Registry Edit (For All Windows Versions)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"DoHDefaultFallback"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers]
"xyz01-srv.unrulycitizen.com"="https://xyz01-srv.unrulycitizen.com:853"

Save as .reg file and run as Administrator

Verification

To verify DoT is working on Windows 11:

Check DNS Settings

# Open Command Prompt and run:
nslookup -type=soa unrulycitizen.com

# Check DoT status (in PowerShell):
Get-DnsClientDohServerAddress

Test DoT Connection

# Test with kdig (install from chocolatey):
kdig @xyz01-srv.unrulycitizen.com +tls-ca +tls-host=xyz01-srv.unrulycitizen.com google.com

Troubleshooting

DoT not working?

  • Ensure Windows 11 is updated to version 22H2 or later
  • Check if port 853 is open on your firewall
  • Verify DNS server IP address is correct
  • Try disabling IPv6 temporarily during setup

Fallback to unencrypted DNS?

  • Set AllowFallbackToUdp to $false in PowerShell
  • Check registry value DoHDefaultFallback is set to 0
  • Verify template URL format is correct
  • Restart DNS client service
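
The troubleshooting checks above can be run as one audit. This PowerShell script is an added example, not part of the original article: it uses the IP and hostname shown on this page, assumes the adapter alias "Ethernet", and reports whether each setting is in place and whether port 853 completes a TLS handshake with a certificate valid for the server name.

```powershell
# Added example: audits the settings this page configures. Read-only; changes nothing.
$ServerIp   = '140.82.41.243'                 # resolver IP from this page
$ServerName = 'xyz01-srv.unrulycitizen.com'   # DoT hostname from this page
$Alias      = 'Ethernet'                      # assumption: replace with your connection name

$checks = [ordered]@{}

# 1. The adapter actually points at the resolver IP
$dns = (Get-DnsClientServerAddress -InterfaceAlias $Alias -AddressFamily IPv4 `
        -ErrorAction SilentlyContinue).ServerAddresses
$checks['Adapter uses resolver IP'] = $dns -contains $ServerIp

# 2. The resolver is registered and plaintext fallback is off
$entry = Get-DnsClientDohServerAddress |
         Where-Object ServerAddress -eq $ServerIp |
         Select-Object -First 1
$checks['Resolver registered']   = [bool]$entry
$checks['UDP fallback disabled'] = [bool]$entry -and -not $entry.AllowFallbackToUdp

# 3. The registry value from Method 3 is present and set to 0
$reg = Get-ItemProperty -Name DoHDefaultFallback -ErrorAction SilentlyContinue `
       -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$checks['DoHDefaultFallback is 0'] = ($null -ne $reg) -and ($reg.DoHDefaultFallback -eq 0)

# 4. Port 853 is reachable and the certificate validates for the hostname.
#    AuthenticateAsClient throws if the chain is untrusted or the name does not match.
$tlsOk = $false
$tcp = $null; $ssl = $null
try {
    $tcp = [System.Net.Sockets.TcpClient]::new($ServerName, 853)
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($ServerName)
    $tlsOk = $ssl.IsAuthenticated
} catch {
    Write-Warning "TLS check on port 853 failed: $($_.Exception.Message)"
} finally {
    if ($ssl) { $ssl.Dispose() }
    if ($tcp) { $tcp.Dispose() }
}
$checks['Port 853 TLS handshake valid'] = $tlsOk

# Summary: one line per check
$checks.GetEnumerator() | ForEach-Object {
    '{0,-30} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```

A FAIL on the first three lines points at local configuration; a FAIL on the last line points at the firewall, the network path, or the server certificate.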
