You can change your DNS server on any version of Windows; the instructions are the same.
Configure your legacy DNS (UDP 53) resolver via command line. This is much faster than using the GUI.
Open an administrative command line and enter this command:
netsh interface ip show config
Find the interface you are currently using or want to change the DNS server on. The one you're most likely looking for will be called “Ethernet” or “Wi-Fi”. Take the exact interface name, and then enter this command:
netsh interface ipv4 set dns name="$INTERFACE_NAME" static $DNS_IP
For example, to enable the free ad-blocking resolver on your Wi-Fi interface, you would run this command:
netsh interface ipv4 set dns name="Wi-Fi" static 76.76.2.2
If you are setting up a custom premium resolver, the command would be as follows:
netsh interface ipv4 set dns name="Wi-Fi" static $RESOLVER_IP
$RESOLVER_IP is found in the My Account section.
This is an alternative way of doing the above, as a single command.
Open an administrative command line and enter this command:
powershell -command "Get-WmiObject -Class Win32_IP4RouteTable | where { $_.destination -eq '0.0.0.0' -and $_.mask -eq '0.0.0.0'} | Sort-Object metric1 | select interfaceindex | set-DnsClientServerAddress -ServerAddresses ('76.76.2.2')"
Where 76.76.2.2 is your private resolver from the My Account section (yours will be different).
Configure legacy DNS (UDP 53) resolver via the GUI, without touching the command line.
Open Control Panel from Start menu.
Click on “Network and Internet”.
Click on “Network and Sharing Center”.
Select the network connection you are currently using.
Double-click on “Change adapter settings”.
Select “Properties”.
Double-click on “Internet Protocol Version 4…”.
Select “Use the following DNS server addresses”.
Input your desired DNS server IP address into the “Preferred DNS server” field. You can leave “Alternate” as blank.
This option is only available if you are running the latest version of Windows 10 or Windows 11, which allows you to configure a DNS-over-HTTPS resolver at the OS level.
Configure a DoH (TCP 443) resolver via the command line. You will still need to use the GUI for the last step, since netsh doesn't seem to support a CLI method of enabling the encrypted resolver.
Open an administrative command line and enter the following command to create a template:
netsh dns add encryption server=$DNS_IP dohtemplate=$DNS_HASH
Where $DNS_HASH is the desired resolver's DoH URL, and $DNS_IP is the legacy DNS IP address of the resolver you wish to use. For example, to enable the free ad-blocking resolver, you would run this command:
netsh dns add encryption server=76.76.2.2 dohtemplate=https://freedns.controld.com/p2
If you are setting up a custom premium resolver, the command would be as follows:
netsh dns add encryption server=76.76.2.168 dohtemplate=https://dns.controld.com/$UID
$UID is found in the My Account section. Keep in mind that your legacy DNS IP and resolver UID will be unique to your account. The values below are for demo purposes only.
Find the interface you are currently using or want to change the DNS server on. The one you're most likely looking for will be called “Ethernet” or “Wi-Fi”. Take the exact interface name, and then enter this command:
netsh interface ipv4 set dns name="$INTERFACE_NAME" static $DNS_IP
For example, to enable the free ad-blocking resolver on your Wi-Fi interface, you would run this command:
netsh interface ipv4 set dns name="Wi-Fi" static 76.76.2.2
If you are setting up a custom premium resolver, the command would be as follows:
netsh interface ipv4 set dns name="Wi-Fi" static 76.76.2.166
(Your IP will be different.)
You will likely get an error like this, which you can ignore, because Windows:
The configured DNS server is incorrect or does not exist.
This step must be done through the GUI for the time being. Go to Start and search for “Network Status” and click Properties. Scroll down to DNS Settings and click Edit.
Change “Preferred DNS Encryption” to Encrypted Only and press Save.
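To check the result of the steps above, the following PowerShell audit lists every DNS server on the default-route interface and confirms that a DoH template is registered for the resolver. It is an added example, not part of the original instructions or Control D's own tooling; the $ExpectedDns and $ExpectedDoh values are assumptions taken from the free-resolver example and should be replaced with your own.

```powershell
# Added example, not Control D's code. Run in an elevated PowerShell session.
# Assumed values: the free-resolver IP and DoH URL from the examples above.
$ExpectedDns = '76.76.2.2'
$ExpectedDoh = 'https://freedns.controld.com/p2'

# Interface that carries the lowest-metric IPv4 default route.
$route = Get-NetRoute -DestinationPrefix '0.0.0.0/0' |
    Sort-Object { $_.RouteMetric + $_.InterfaceMetric } |
    Select-Object -First 1
if (-not $route) { throw 'No IPv4 default route found.' }

# List every DNS server on that interface, IPv4 and IPv6. Any server other
# than the expected resolver is a path for queries to bypass it.
$servers = foreach ($entry in Get-DnsClientServerAddress -InterfaceIndex $route.InterfaceIndex) {
    foreach ($address in $entry.ServerAddresses) {
        [pscustomobject]@{
            Interface = $entry.InterfaceAlias
            Family    = if ($entry.AddressFamily -eq 2) { 'IPv4' } else { 'IPv6' }
            Server    = $address
            Expected  = ($address -eq $ExpectedDns)
        }
    }
}
$servers | Format-Table -AutoSize
if (-not ($servers | Where-Object Expected)) {
    Write-Warning "$ExpectedDns is not configured on this interface."
}
$servers | Where-Object { -not $_.Expected } | ForEach-Object {
    Write-Warning "Unexpected DNS server $($_.Server) ($($_.Family)) on $($_.Interface)."
}

# Confirm a DoH template is registered for the resolver and matches the URL.
if (Get-Command Get-DnsClientDohServerAddress -ErrorAction SilentlyContinue) {
    $doh = Get-DnsClientDohServerAddress | Where-Object ServerAddress -eq $ExpectedDns
    if (-not $doh) {
        Write-Warning "No DoH template registered for $ExpectedDns."
    } elseif ($doh.DohTemplate -ne $ExpectedDoh) {
        Write-Warning "Template is $($doh.DohTemplate), expected $ExpectedDoh."
    } else {
        "DoH template for $ExpectedDns matches $ExpectedDoh."
        "AllowFallbackToUdp: $($doh.AllowFallbackToUdp)"
    }
} else {
    # Older builds without the cmdlet: list templates with netsh instead.
    netsh dns show encryption
}
```

The script does not read the “Preferred DNS Encryption” setting, so still confirm in the GUI that it is set to Encrypted Only.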