☰

Sign in

OpenDNS
>
OpenDNS Device Configuration
>
Computer Configuration

🔍 Search

Articles in this section ▾

Using DNS over HTTPS (DoH) with OpenDNS

Digs

👤 Updated 22 days ago

Follow

Protect your DNS traffic with DoH

Keep your DNS queries private by using DNS over HTTPS (DoH) in supporting web browsers. Your
browser's DNS traffic becomes encrypted to remain private and unmodified by network operators
and snoops. OpenDNS now has the following DoH endpoints available:

Hostname Description

doh.opendns.com A DoH frontend to our standard production DNS service

as provided on 208.67.222.222 and 208.67.220.220

doh.familyshield.opendns.com A DoH frontend to our FamilyShield DNS service, pre-

configured to block adult content, as provided on
208.67.222.123 and 208.67.220.123

Steps for using DoH with OpenDNS will depend on your browser and operating system.

Mozilla Firefox
Details and instructions are available from Mozilla. Firefox can be configured to use OpenDNS as a
custom DNS over HTTPS provider. Go to Options > General > Network Settings and select Enable
DNS over HTTPS. Under Use Provider, choose Custom and enter one of the following URLs:

Standard DNS:

https://doh.opendns.com/dns-query

FamilyShield (blocks adult content):

 https://doh.familyshield.opendns.com/dns-query
Choose OK and your queries will be encrypted!

Google Chrome
Details and instructions on configuration are available from the Chromium Blog. Chrome will
automatically enable the use of DoH if the necessary flag is enabled and it sees OpenDNS anycast
IP addresses used by the operating system for DNS.

Configure your OS to use the following IP addresses as DNS servers:

Service IPv4 Addresses IPv6 Addresses

 Standard DNS 208.67.222.222
2620:119:35::35

208.67.220.220 2620:119:53::53

208.67.222.123
2620:119:35::123

FamilyShield
208.67.220.123 2620:119:53::123 

In Chrome's address bar, enter chrome://flags/#dns-over-https and set Secure DNS Lookups to

Enabled.

Relaunch your browser, and your DNS queries will be encrypted!

Note that Chrome looks for OpenDNS IP addresses specifically. This means if you're configured to
use to IP address of a local DNS server or forwarder, Chrome will not upgrade to using DoH, even if
that server forwards to OpenDNS.

If your computer is considered managed by Chrome, which is likely if your computer is provided to
you by your work or school, it will not auto-upgrade to using DoH.

Instead of auto-upgrading based on IP, advanced users can configure Chrome to use specific HTTPS
endpoints directly by launching Chrome from a shortcut or a command line with the following
parameters:

Standard DNS:

--enable-features="DnsOverHttps<DoHTrial" --force-fieldtrials="DoHTrial/G

FamilyShield:

="DoHTrial/Group1" --force-fieldtrial-params="DoHTrial.Group1:Fallback/true

Was this article helpful?

✓ Yes
✕ No

14 out of 17 found this helpful

Have more questions? Submit a request

Return to top ⬆

Recently viewed articles

Android Configuration instructions for OpenDNS

TP-Link Archer8

Does OpenDNS Support IPv6?

Related articles

Windows 10 Configuration

Querying OpenDNS using DoH (for developers)

FamilyShield Computer Configuration Instructions

Generalized Router Configuration Instructions

DNSSEC General Availability

OpenDNS