How to Configure Cloudflare or Quad9 DNS on Windows 11 Adapters
🔍 WiseChecker

How to Configure Cloudflare or Quad9 DNS on Windows 11 Adapters

by

Quick fix: Open Settings → Network & internet → Wi-Fi (or Ethernet) → [your network] → DNS server assignment → Edit → Manual. Enable IPv4. Set Preferred DNS: 1.1.1.1 (Cloudflare) or 9.9.9.9 (Quad9). Alternate: 1.0.0.1 or 149.112.112.112. Pick DNS over HTTPS: Automatic for encrypted DNS.

You want faster, more private DNS than your ISP’s default. Cloudflare’s 1.1.1.1 is the fastest public DNS in most regions. Quad9’s 9.9.9.9 adds malicious-domain filtering. Both support DNS over HTTPS (DoH), which encrypts queries to prevent ISP-level inspection. Setup takes 3 minutes per adapter.

Symptom: Want to change Windows 11 from ISP-default DNS to Cloudflare or Quad9 with optional DNS over HTTPS encryption.
Affects: Windows 11 (and Windows 10).
Fix time: ~5 minutes.

ADVERTISEMENT

What causes this

Default Windows 11 uses your ISP’s DNS servers (typically set automatically via DHCP). ISP DNS can be slow (high latency to far-away resolvers), can log your browsing activity, and can be hijacked to redirect failed lookups to ad pages. Public DNS providers offer alternatives: Cloudflare (fast, privacy-focused), Quad9 (malware filtering), Google (8.8.8.8, ubiquitous but tracks your activity).

Windows 11 added native DNS over HTTPS (DoH) support, which encrypts DNS queries. With DoH on, your ISP can’t see which sites you’re looking up, only that you’re using DoH.

Method 1: Configure DNS via Settings UI

The standard route.

  1. Open Settings → Network & internet.
  2. Click your active network type: Wi-Fi for wireless, Ethernet for wired.
  3. For Wi-Fi: click the network you’re connected to (with the “connected” label). For Ethernet: just click the adapter.
  4. Scroll to DNS server assignment. Click Edit.
  5. Change dropdown from Automatic (DHCP) to Manual.
  6. Toggle IPv4 On. Enter:
    • Preferred DNS: 1.1.1.1 (Cloudflare) or 9.9.9.9 (Quad9)
    • Alternate DNS: 1.0.0.1 (Cloudflare) or 149.112.112.112 (Quad9)
  7. For DNS over HTTPS: set both Preferred and Alternate to On (automatic template) or On (manual template). Automatic uses the well-known DoH endpoint for each address; Manual lets you specify a custom URL.
  8. For DoH manual template:
    • Cloudflare DoH URL: https://cloudflare-dns.com/dns-query
    • Quad9 DoH URL: https://dns.quad9.net/dns-query
  9. Toggle IPv6 On if your network supports it. Enter:
    • Cloudflare IPv6: 2606:4700:4700::1111 / 2606:4700:4700::1001
    • Quad9 IPv6: 2620:fe::fe / 2620:fe::9
  10. Click Save. The change applies immediately.

This is the recommended path. Settings UI is the cleanest interface.

ADVERTISEMENT

Method 2: Use PowerShell for scripted or remote configuration

For setting DNS on multiple PCs or via automation.

  1. Open Terminal (Admin).
  2. List network adapters: 
    Get-NetAdapter | Format-Table Name, InterfaceDescription, Status

    Note your active adapter name (typically “Wi-Fi” or “Ethernet”).

  3. Set IPv4 DNS: 
    Set-DnsClientServerAddress -InterfaceAlias "Wi-Fi" -ServerAddresses ("1.1.1.1","1.0.0.1")
  4. To revert to DHCP-supplied DNS: 
    Set-DnsClientServerAddress -InterfaceAlias "Wi-Fi" -ResetServerAddresses
  5. For DoH configuration via PowerShell (Windows 11 22H2+): 
    Set-DnsClientDohServerAddress -ServerAddress "1.1.1.1" -DohTemplate "https://cloudflare-dns.com/dns-query" -AllowFallbackToUdp $false -AutoUpgrade $true

    The -AutoUpgrade $true flag tells Windows to use DoH whenever possible, falling back to UDP only if DoH fails.

  6. Verify configuration: 
    Get-DnsClientServerAddress
Get-DnsClientDohServerAddress
  7. Flush cache after change: ipconfig /flushdns.

PowerShell is the right approach for scripted deployment across multiple machines.

Method 3: Set DNS at router level for whole-network change

If you want every device on your home network to use the new DNS without per-device configuration.

  1. Log in to your router’s admin panel. Typical URLs: 192.168.1.1, 192.168.0.1, or 192.168.86.1 (Google Wifi).
  2. Look for DNS Settings, WAN Settings, or Internet Setup.
  3. Change DNS from “Get automatically from ISP” to Manual.
  4. Enter Cloudflare or Quad9 DNS addresses as primary and secondary.
  5. Save settings. Router restarts. All devices on the network now use the new DNS.
  6. Note: most consumer routers don’t support DoH at the router level. To get DoH benefits while routing all devices, configure DoH on each device’s Wi-Fi adapter (Method 1) but use the router’s DNS as fallback for IoT devices that can’t do DoH.
  7. For mesh networks (Eero, Orbi, Google Wifi): the apps usually have a DNS setting under Advanced Networking.
  8. For Cloudflare Warp Plus subscribers: configure Cloudflare Warp on the router or per-device for full encrypted tunnel rather than just DoH.

Router-level changes affect every device. Use this when you want the change to apply to phones, tablets, smart TVs, etc.

How to verify the fix worked

  • Run ipconfig /all | findstr "DNS" in Terminal. Output should show your chosen DNS servers (1.1.1.1 etc.), not your ISP’s.
  • Run nslookup example.com. The result’s server line should show the chosen DNS server.
  • Test DoH: visit 1.1.1.1/help in browser. Status page shows whether you’re using Cloudflare DNS and whether DoH is active.
  • For Quad9: visit on.quad9.net. Status page confirms you’re using Quad9 DNS.

If none of these work

If DNS settings don’t take effect, the cause is usually a conflicting tool. VPN client: many VPN clients override DNS settings when connected. Disconnect VPN to test; configure VPN client to use Cloudflare/Quad9 instead. Group Policy on managed PCs: corporate IT often enforces specific DNS. Run gpresult /h C:\gpresult.html — if Network policies are listed, you can’t override without IT. Browser-level DoH: Edge, Chrome, Firefox each have their own DoH setting that overrides Windows. Check Browser Settings → Privacy → Use secure DNS. Public Wi-Fi captive portal: the captive portal intercepts DNS to redirect to its sign-in page. Until you sign in, your custom DNS won’t resolve normal sites. Sign in via the portal first. For PCs that show your DNS is correct but pages still feel slow: ping the DNS servers to verify latency. ping 1.1.1.1 — should be under 30 ms in most regions. If 100+ ms, pick a closer alternative (your ISP’s DNS may be regionally closer).

Bottom line: Settings → Network & internet → [adapter] → DNS server assignment → Manual. Enter 1.1.1.1 / 1.0.0.1 for Cloudflare or 9.9.9.9 / 149.112.112.112 for Quad9. Enable DoH for encrypted queries.

ADVERTISEMENT

← Back to WiseChecker HomeMore in Windows & PC

🔍 Recommended for You