Controls the mode of DNS-over-HTTPS

Controls the mode of the DNS-over-HTTPS resolver. Please note that this policy will only set the default mode for each query. The mode may be overridden for special types of queries such as requests to resolve a DNS-over-HTTPS server hostname.

The "off" mode will disable DNS-over-HTTPS.

The "automatic" mode will send DNS-over-HTTPS queries first if a DNS-over-HTTPS server is available and may fallback to sending insecure queries on error.

The "secure" mode will only send DNS-over-HTTPS queries and will fail to resolve on error.

On Android Pie and above, if DNS-over-TLS is active, Google Chrome will not send insecure DNS requests.

If this policy is unset the browser may send DNS-over-HTTPS requests to a resolver associated with the user's configured system resolver.

Example value: off

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Controls the mode of DNS-over-HTTPS


  1. Disable DNS-over-HTTPS
    Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
    Registry PathSoftware\Policies\Google\Chrome
    Value NameDnsOverHttpsMode
    Value TypeREG_SZ
    Valueoff
  2. Enable DNS-over-HTTPS with insecure fallback
    Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
    Registry PathSoftware\Policies\Google\Chrome
    Value NameDnsOverHttpsMode
    Value TypeREG_SZ
    Valueautomatic
  3. Enable DNS-over-HTTPS without insecure fallback
    Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
    Registry PathSoftware\Policies\Google\Chrome
    Value NameDnsOverHttpsMode
    Value TypeREG_SZ
    Valuesecure


chrome.admx

Administrative Templates (Computers)

Administrative Templates (Users)