en-US

Control the mode of DNS-over-HTTPS

Supported on: Microsoft Edge version 83, Windows 7 or later

Registry

HKLM Software\Policies\Microsoft\Edge
HKCU Software\Policies\Microsoft\Edge

Options

DnsOverHttpsMode enum
  • Disable DNS-over-HTTPS -> off
  • Enable DNS-over-HTTPS with insecure fallback -> automatic
  • Enable DNS-over-HTTPS without insecure fallback -> secure

Description

Control the mode of the DNS-over-HTTPS resolver. This policy only sets the default mode for each query. The mode can be overridden for special types of queries such as requests to resolve a DNS-over-HTTPS server hostname. The "off" mode disables DNS-over-HTTPS. The "automatic" mode sends DNS-over-HTTPS queries first if a DNS-over-HTTPS server is available, and falls back to sending insecure queries on error. The "secure" mode only sends DNS-over-HTTPS queries and will fail to resolve on error. If you don't configure this policy for managed devices, DNS-over-HTTPS queries aren't sent. Instead, the browser may send DNS requests to a resolver associated with the user's system resolver. This could lead to a less secure or private DNS resolution process, depending on the resolver in use. Policy options mapping: * off (off) = Disable DNS-over-HTTPS * automatic (automatic) = Enable DNS-over-HTTPS with insecure fallback * secure (secure) = Enable DNS-over-HTTPS without insecure fallback Use the preceding information when configuring this policy. Example value: off