Published: 14 May 2026 | Category: Practical Tutorial
1. What are DNS and DNS over HTTPS (DoH)?
Most of us just type in a web address when we go online, like heading to Google to search for something. But computers and the internet don't actually understand these English letters. That's where DNS (Domain Name System) comes in. Think of it as the internet's phonebook—it translates the web address you type into an IP address that your computer can read. However, traditional DNS queries have one massive fatal flaw: they are completely unencrypted!
Because traditional DNS is sent in plaintext, anyone who intercepts the data between you and the DNS server can see exactly which websites you're visiting. DNS over HTTPS (DoH) was created to solve this exact problem. It wraps your DNS queries inside an encrypted HTTPS connection, which is like putting a postcard into a locked envelope before mailing it out.
Once you enable DoH, your online experience gets a few major upgrades:
- Anti-Snooping: Hackers, Internet Service Providers (ISPs), and even public Wi-Fi providers won't be able to see what websites you're browsing.
- Anti-Tampering: It prevents DNS spoofing on the network between you and the DNS server, stopping cybercriminals from redirecting you to fake phishing sites.
- Bypassing Basic Blocks: Some network environments use DNS to block specific websites. DoH helps you easily bypass these basic restrictions.
- Boosted Overall Security: For SMEs and individual users alike, an extra layer of encryption means an extra layer of protection, which lowers the risk of your browsing activity leaking.
2. Why Do Hong Kong Users and SMEs Need DoH?
In Hong Kong, we connect to countless different networks every day. From our home broadband and mobile data on the go, to free Wi-Fi in malls, cafes, or even the MTR, hidden risks are everywhere. Many people think that as long as a website has a padlock icon (HTTPS), it's completely safe. But the truth is, without DoH, the fact of which website you are visiting is still exposed in your DNS queries.
For everyday consumers, you probably don't want your browsing habits recorded and used for targeted ads. For Hong Kong SMEs, protecting commercial secrets is even more critical. Imagine your staff meeting clients outside and using a cafe's free Wi-Fi to log into the company system or check out a competitor's website. Without DoH protection, those digital footprints could easily be harvested by malicious actors.
Here are a few scenarios where DoH protection is absolutely essential:
- Connecting to Public Wi-Fi: Public networks usually have terrible security. Hackers even set up fake Wi-Fi hotspots to launch Man-in-the-Middle attacks.
- Handling Sensitive Business Data: SME owners or finance staff need to ensure their connection is fully encrypted before handling online banking or reviewing confidential contracts.
- Preventing ISP Data Collection: Although Hong Kong's broadband market is mature, protecting yourself from any form of data collection and analysis is always the best practice.
- Remote Work: Whether you're working from home or at a coworking space, you don't control the network environment. DoH acts as your last line of defense.
⚠️ Note: DoH only encrypts your DNS queries; it's not a VPN. If you want to hide your real IP address or completely encrypt all your network traffic, you'll need a reliable VPN service.
3. Step-by-Step DoH Setup Guide for Major Browsers
Fortunately, setting up DoH no longer requires digging into deep system settings like it used to. Mainstream browsers on the market now have this feature built-in, and it only takes a few clicks. Below, we'll use Google Chrome and Microsoft Edge—the most popular browsers in Hong Kong—to show you how to enable secure DNS instantly.
If you're using Google Chrome, follow these steps:
- Open Chrome, click the three-dot icon in the top right corner, and select "Settings".
- Choose "Privacy and security" from the left-hand menu.
- Click on the "Security" option.
- Scroll down to the "Advanced" section and toggle on "Use secure DNS".
- Select "With", then choose your preferred provider from the dropdown menu (like Cloudflare or Google Public DNS).
If you're using Microsoft Edge, the setup is just as simple:
- Open Edge, click the three dots in the top right corner, and select "Settings".
- Select "Privacy, search, and services" from the left menu.
- Scroll down to the "Security" section.
- Toggle on "Use secure DNS to specify how to lookup the network address for websites".
- Select "Choose a service provider", click the input box, and pick a secure DNS like Cloudflare or Quad9.
4. Recommended Free Secure DNS Providers
When enabling DoH, you need to choose a reliable DNS provider. Most well-known DNS services on the market are free, and they have server nodes right here in Hong Kong or across Asia, so they won't slow down your internet speed. The big three are Cloudflare (1.1.1.1), Google (8.8.8.8), and Quad9 (9.9.9.9).
Each of these providers has its own perks. Cloudflare is famous for its blazing speeds and strict no-data-selling policy. Google offers solid stability, but since it's ultimately an ad company, hardcore privacy advocates might have some reservations. Quad9, on the other hand, focuses on built-in malicious website filtering, making it perfect for those who want extra protection against malware and phishing.
| Provider | Key Feature | Speed (Hong Kong) | Malware Filtering |
|---|---|---|---|
| Cloudflare (1.1.1.1) | Blazing fast, strict no-IP-logging policy | Extremely Fast ⚡⚡⚡ | Requires specific version (1.1.1.2) |
| Google (8.8.8.8) | High stability, massive global network | Fast ⚡⚡ | Basic protection |
| Quad9 (9.9.9.9) | Strong privacy protection, Swiss-registered | Fast ⚡⚡ | Built-in strong protection 🛡️ |
💡 Pro Tip: If you're an SME owner looking to block malicious websites across all company computers at once, we highly recommend using Quad9 or Cloudflare's 1.1.1.2 Family/Enterprise version. It drastically reduces the risk of staff accidentally falling for phishing sites.
5. How to Set Up DoH on Your Router for Full Coverage?
If you have a ton of devices at home or in the office (like phones, tablets, smart TVs, and IoT smart home gadgets), setting up DoH on each one is a massive waste of time. The ultimate set-it-and-forget-it method is configuring DNS over HTTPS directly at the broadband router level. This way, DNS queries from any device that connects to your Wi-Fi are encrypted with DoH by the router before they leave your network.
Many modern routers (like high-end models from ASUS or TP-Link) already have DoH built into their firmware. Generally, you just need to log into your router's admin panel (usually via an IP like 192.168.1.1 or a URL like router.asus.com), head to "WAN Settings" or "LAN - DHCP Server", and look for "DNS Privacy" or "DNS over HTTPS" to toggle it on.
🔥 SME Upgrade Recommendation
If your company's router is too old to support DoH, it might be time for an upgrade. Many telecom providers (like HKT and HKBN) now offer commercial broadband plans starting at around $298/mo that include the latest Wi-Fi 6/6E business-grade routers. These come with stronger built-in firewalls and DNS encryption, solving your speed and security issues in one go!
Setting up DoH on your router comes with a few absolute advantages:
- Total Coverage: Even connections on your Guest Wi-Fi network will be protected.
- Protecting Devices Without DNS Settings: IoT gadgets like smart bulbs and IP cams that don't let you manually configure DNS can be protected from DNS hijacking.
- Centralized Management: IT admins only need to flip the switch once on the router, and it instantly applies to the whole company—saving time and effort.
6. Summary: Online Privacy Starts with the Basics
Cybersecurity is never a one-click fix; it requires layers of defense. DNS over HTTPS (DoH) is a free, easy-to-set-up tool that has minimal impact on your internet speed. Whether you're an everyday netizen who values privacy or a Hong Kong SME needing to protect commercial data, we highly recommend taking 5 minutes today to enable this feature on your browser or router.
Finally, a quick reminder: for a smooth and secure online experience, encryption in your software and settings is great, but infrastructure is just as important. A stable, low-latency broadband connection paired with a modern DoH-capable router is the only way to unlock maximum network performance.
- Regularly check for browser updates to ensure the DoH feature works properly.
- When out and about, try to use 5G mobile data instead of public Wi-Fi, or use a VPN + DoH for double protection.
- SMEs should consider upgrading to a commercial broadband plan with enterprise-grade security.
We hope this guide helps you easily take back control of your online privacy!