To improve your online privacy and security, Windows 11 lets you use DNS over HTTPS (DoH) to encrypt the DNS requests your computer makes when you browse or do anything else on the Internet. This article will show you how to set it up in Windows 11.
Encrypted DNS is more private and secure
Every time you visit a website using a domain name (such as “suay.site”), your computer sends a request to a Domain Name System (DNS) server. The DNS server takes the domain name and looks up the corresponding IP address from the list. It sends an IP address back to your computer, which is then used to connect to the site.
This process of resolving a domain name to an IP address traditionally took place over the network in plain text. Any intermediate point can intercept the transmitted information – the domain names of the sites you visit and their IPs. With DNS over HTTPS, also known as DoH, communication between your computer and a DoH-enabled DNS server is encrypted. No one on the path between them can intercept your DNS requests to track the addresses you visit or spoof responses from the DNS server.
First, choose a free DNS with DoH support – there are already a lot of them now
As of the initial release of Windows 11, DNS over HTTPS only works with a hard-coded list of free DNS services. You can see the list yourself by running the following command in a terminal window:
netsh dns show encryption
Here is the current list of supported IPv4 DNS server addresses as of October 2022:
- Primary Google DNS: 8.8.8.8
- Additional Google DNS: 8.8.4.4
- Cloudflare Primary DNS: 1.1.1.1
- Secondary DNS Cloudflare: 1.0.0.1
- Primary DNS Quad9: 9.9.9.9
- Secondary DNS Quad9: 149.112.112.112
For IPv6, the supported DNS server addresses are:
- Primary Google DNS: 2001:4860:4860::8888
- Google Secondary DNS: 2001:4860:4860::8844
- Cloudflare primary DNS server: 2606:4700:4700::1111
- Additional Cloudflare DNS: 2606:4700:4700::1001
- Primary DNS Quad9: 2620:fe::fe
- Secondary DNS Quad9: 2620:fe::fe:9
When it comes time to enable DoH in the section below, you will need to select two pairs of these DNS servers – primary and secondary for IPv4 and IPv6 – to use with your Windows 11 PC. As a bonus, using them will likely speed up your Internet experience.
Enable DNS over HTTPS in Windows 11
To start configuring DNS over HTTPS, open the Settings app by pressing Win+I on your keyboard. Alternatively, you can right-click the Start button and select “Settings” from the menu that appears.
In Settings, click “Network & internet” in the sidebar.
For “Wi-Fi” and “Ethernet”, the procedure for setting up DNS over HTTPS is slightly different.
Configuring DNS over HTTPS for Ethernet (Wired)
In Network & internet, click the name of your primary Internet connection in the list, such as “Ethernet”.
On the Ethernet properties page, find the “DNS server assignment” setting and click the “Edit” button next to it.
In the window that appears, select “Manual” DNS settings from the drop-down menu.
Then turn the “IPv4” switch to the “On” position.
In the IPv4 section, enter the primary DNS server address you selected in the section above in the “Preferred DNS” field (for example, “8.8.8.8”).
The drop-down list “Preferred DNS encryption” will become active. In this list, select “Encrypted only (DNS over HTTPS)”.
Similarly, enter the address of the secondary DNS server in the “Alternate DNS” field (for example, “8.8.4.4”). The drop-down list “Preferred DNS encryption” will become active. In this list, select “Encrypted only (DNS over HTTPS)”.
If your ISP supports IPv6, then repeat this process with IPv6. If your ISP does NOT support IPv6, then you DO NOT need to enable IPv6 DNS servers. If you're unsure, it's best not to enable IPv6 DNS.
Switch the IPv6 switch to the On position, and then copy the primary IPv6 address from the section above and paste it into the “Preferred DNS” field. Then copy the appropriate secondary IPv6 address and paste it into the “Alternate DNS” field.
After that, set both “Preferred DNS encryption” options to “Encrypted only (DNS over HTTPS)”.
Finally, click “Save”.
Back on the Ethernet hardware properties page, you'll see a list of your DNS servers with “(Encrypted)” marked next to each one.
Configuring DNS over HTTPS for Wi-Fi (Wireless)
In Network & internet settings, click the name of your primary Internet connection in the list, such as Wi-Fi.
On the Wi-Fi properties page, go to the “Hardware properties” section.
On the next window, locate the “DNS server assignment” option and click the “Change” button next to it.
In the window that appears, select “Manual” DNS settings from the drop-down menu. Then turn the “IPv4” switch to the “On” position.
In the IPv4 section, enter the primary DNS server address you selected in the section above in the “Preferred DNS” field (for example, “8.8.8.8”).
The drop-down list “Preferred DNS encryption” will become active. In this list, select “Encrypted only (DNS over HTTPS)”.
Tip: If you don't see the “Preferred DNS encryption” settings, then you are editing the DNS settings for a specific Wi-Fi connection and not for the wireless adapter as a whole. Make sure you have selected the connection type in Settings → Network & internet, then click “Hardware properties” first.
Similarly, enter the address of the secondary DNS server in the “Alternate DNS” field (for example, “8.8.4.4”).
If your ISP supports IPv6, then repeat this process with IPv6. If your ISP does NOT support IPv6, then you DO NOT need to enable IPv6 DNS servers. If you're unsure, it's best not to enable IPv6 DNS.
Switch the IPv6 switch to the On position, and then copy the primary IPv6 address from the section above and paste it into the “Preferred DNS” field. Then copy the appropriate secondary IPv6 address and paste it into the “Alternate DNS” field.
After that, set both “Preferred DNS encryption” options to “Encrypted only (DNS over HTTPS)”.
Finally, click “Save”.
Back on the Wi-Fi hardware properties page, you'll see a list of your DNS servers with “(Encrypted)” marked next to each one.
That's all you need to do. Close the Settings app, and you are ready to go. From now on, all your DNS requests will be private and secure. Happy viewing!
Note. If you're having network problems after changing these settings, make sure you've entered the correct IP addresses. An incorrect IP address can cause DNS servers to be unavailable. If the addresses are entered correctly, try disabling the “IPv6” switch in the list of DNS servers. If you are configuring IPv6 DNS servers on a computer that is not connected to IPv6, this can cause connectivity issues.
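To check the result from a terminal instead of the Settings page, the PowerShell script below (an added example, not part of the original article) lists the DNS servers configured on every connected adapter and reports whether Windows has a DoH template for each one, using the same list that netsh dns show encryption prints. It only checks this prerequisite: the “Encrypted only” choice itself is still confirmed by the “(Encrypted)” label in Settings.

```powershell
# Added example: audit configured DNS resolvers against the DoH servers
# Windows 11 knows about. Run in a PowerShell window on the PC you configured.

# Build a lookup of DoH-capable servers (same data as `netsh dns show encryption`).
$doh = @{}
foreach ($entry in Get-DnsClientDohServerAddress) {
    $doh[$entry.ServerAddress] = $entry
}

# Only inspect adapters that are currently connected.
$upAdapters = Get-NetAdapter | Where-Object Status -eq 'Up'

$report = foreach ($adapter in $upAdapters) {
    # Returns one object per address family (IPv4 and IPv6) for the adapter.
    $configs = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex
    foreach ($config in $configs) {
        foreach ($server in $config.ServerAddresses) {
            $known = $doh[$server]

            if (-not $known) {
                # Not on the list: Windows cannot use DoH with this address.
                $finding = 'No DoH template: requests to this server are plain text'
            }
            elseif ($known.AllowFallbackToUdp) {
                # A template exists but permits dropping back to unencrypted DNS.
                $finding = 'DoH template allows fallback to unencrypted DNS'
            }
            else {
                $finding = 'DoH-capable: confirm "(Encrypted)" in Settings'
            }

            [pscustomobject]@{
                Interface   = $adapter.Name
                Family      = if ($server -match ':') { 'IPv6' } else { 'IPv4' }
                Server      = $server
                DohTemplate = if ($known) { $known.DohTemplate } else { '' }
                Finding     = $finding
            }
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

A server left over from DHCP or from a mistyped address shows up here as “No DoH template”, which is the case the note above about incorrect IP addresses describes.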
How to prevent Tor users from viewing or commenting on a WordPress site
Posted by Alex On October 19, 2022
The Tor network is an important tool for anonymity, privacy, and censorship circumvention, and in some countries it is opposed even at the state level.
But Tor is a public tool, so it can sometimes be used for online trolling and bullying. This article will show you how:
WordPress plugin to control allowed actions from the Tor network
VigilanTor is a free WordPress plugin that can block comments, browsing, and registration for Tor users.
This plugin automatically updates the list of IP addresses of the Tor network and, after configuration, automatically controls and blocks Tor users.
To install VigilanTor, go to WordPress Admin Panel → Plugins → Add New.
Search for “VigilanTor”, install and activate it.
Then go to Settings → VigilanTor Settings.
We will perform all subsequent actions on the plugin settings page.
How to disable commenting on a site from Tor
Enable two settings:
Now Tor users will still be able to view your site, but when they try to leave a comment, they will receive a message:
How to prevent Tor users from registering and logging into the site
To prevent Tor users from registering on a WordPress site and to prevent registered users from logging in from the Tor network, enable the following settings:
How to Block Tor Users from Viewing a WordPress Site
Enable the following setting:
This setting will prevent any activity, including logging into the site, commenting, and browsing.
When trying to open a site in Tor, the user will receive a message:
How often does VigilanTor update the list of Tor IP addresses
The IP addresses of the Tor network change often: new ones are added and old ones are removed. A list of Tor IP addresses that was downloaded once therefore becomes obsolete over time.
VigilanTor downloads the list of Tor IP addresses and keeps it up to date automatically.
By default, the update is performed every 10 minutes. You can increase this interval to 6 hours, or enable real-time updates.