How to enable DNS over HTTPS (DoH) in Windows Server 2022

DNS over HTTPS (DoH) - or "DNS encryption" as it is called in Windows - is a way to encrypt DNS queries and responses between a user's device and the resolving DNS server. For more on this see New in Simple DNS Plus v. 9.0.

To enable this in Windows Server 2022, do the following.

Unless you are using one of the DoH DNS servers pre-configured in Windows (Cloudflare, Google, Quad9), you first need to add the DoH DNS server to the "list of known servers".

This is done in PowerShell with the command:

Add-DnsClientDohServerAddress -ServerAddress '<resolver-IP-address>' -DohTemplate '<resolver-DoH-template>' -AllowFallbackToUdp $False -AutoUpgrade $True

For example, if your DNS server IP address is 1.2.3.4 and its host name is example.com, and the DNS server is Simple DNS Plus, you would use:

Add-DnsClientDohServerAddress -ServerAddress 1.2.3.4 -DohTemplate https://example.com/doh/dns-query

To run the command, click the Windows Start button, right-click on "Windows PowerShell", click "More" and click "Run as administrator":

Enter the command from above:

Next, click the Windows Start button, and click "Settings":

In the "Settings" dialog, select "Network & Internet":

Click on "Ethernet" and then click on your network connection:

Under DNS settings, click the "Edit" button:

In the "Edit DNS settings" dialog, select "Manual", turn it on for IPv4 and/or IPv6, under "Preferred DNS" enter the IP address of your DNS server, and under "Preferred DNS encryption" select one of the "Encrypted..." options:

Note that the last setting ("Preferred DNS encryption") will only be available if you have completed the first steps above (adding the DNS server IP address to the "list of known servers" through PowerShell).
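
To check the result of the steps above, the following read-only PowerShell script (an added example, not part of the original article) lists every DNS server configured on each connected adapter and reports whether it is in the "list of known servers" and whether fallback to unencrypted UDP is allowed for it. The function name Test-DohCoverage and the status texts are made up for this example.

```powershell
# Added example: compare the DNS servers configured on each connected adapter
# with the DoH "list of known servers". Read-only; changes no settings.
function Test-DohCoverage {
    # Index the known DoH servers by IP address
    $known = @{}
    foreach ($entry in Get-DnsClientDohServerAddress) {
        $known[$entry.ServerAddress] = $entry
    }

    foreach ($adapter in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        # One result per address family (IPv4 / IPv6); flatten to unique IPs
        $configs = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex
        $servers = $configs.ServerAddresses | Where-Object { $_ } | Select-Object -Unique

        foreach ($server in $servers) {
            $entry = $known[$server]
            $status = if (-not $entry) {
                # "Preferred DNS encryption" cannot be selected for this server
                'Not in known DoH list'
            } elseif ($entry.AllowFallbackToUdp) {
                'Known, but fallback to UDP allowed'
            } else {
                'Known, fallback to UDP disabled'
            }

            [pscustomobject]@{
                Interface   = $adapter.Name
                DnsServer   = $server
                DohTemplate = if ($entry) { $entry.DohTemplate } else { $null }
                AutoUpgrade = if ($entry) { $entry.AutoUpgrade } else { $null }
                Status      = $status
            }
        }
    }
}

Test-DohCoverage | Format-Table -AutoSize
```

A server reported as "Not in known DoH list" still needs the Add-DnsClientDohServerAddress step; the script only reads the known-server list and the adapter's DNS server addresses, so the "Preferred DNS encryption" choice itself is still confirmed in the "Edit DNS settings" dialog.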

For more details about the "list of known servers", see Microsoft's documentation Secure DNS Client over HTTPS (DoH).
