How to enable DNS over HTTPS in Chrome

How-to instructions:

Here’s a blog post I write about a week ago, Chrome currently supports a command line flag for enabling DNS over HTTPS functionality.

The only warning is that Chrome may change/modify the command line argument needed in the future, so check periodically to make sure DoH is still working.

You may notice this really only focuses on Windows. Currently, I am not aware of a way to persist this command line argument on macOS since the official guide only mentions opening a terminal, which means you can’t have DoH by just clicking Chrome from the dock.


Little update via this:

Tentative timeline
We are aiming for an experiment in Chrome 78 (branch cut: Sept 5th; estimated Stable: Oct 22nd) followed by a launch if everything goes well.

Chrome 78 (Branch cut likely will mean a Chrome Canary release) will have a real chrome://flags option for DoH support so you will be able to avoid the command line switch you currently need to do the above.

Once again, see the first link above for the instructions to enable it before v78.


Thanks for your post @Judge. :+1:
To automate this process, I used Alfred - Productivity App for macOS Workflow.
It runs this command by triggering ch keywork:

nohup /Applications/Google\\ Chrome --enable-features="dns-over-https<DoHTrial" --force-fieldtrials="DoHTrial/Group1" --force-fieldtrial-params="DoHTrial.Group1:server/https%3A%2F%2F1.1.1.1%2Fdns-query/method/POST" & disown >/tmp/chrome_doh_nohup_$(date +%F); sleep 3; exit;

Just import this file to Alfred Workflow and run ch:

You can check this video:

I guess Google Chrome doesn’t support ESNI at the moment, am I correct?

Connection Information:

1 Like

@aminkhoshnood, wouldnt it be easier to switch to Firefox?

Just sayin’ :smile:

1 Like

Absolutely, for daily usage I prefer Firefox (+ cloudflared on macOS ), just I saw there is not enough document regarding this topic :sweat_smile:
I will do anything to see DoH and ESNI activated on all platforms and browsers, it will help people with “censorship regimes” a lot.

1 Like

I still got No in Doh; using the above alfred workflow - chrome v78

Old text of post I'm not at liberty to go digging through the chromium source to find out why, but it looks like the flags don't work on Canary - currently it only works on stable (v76).

To confirm you launched with the flags, go to chrome://version and make sure “command line” contains the flags (--enable-features=...)


If possible, in Canary, could you take a screenshot of chrome://flags after searching for “DNS”? My chrome doesn’t show anything about “Secure DNS lookups”, yet this post shows it should be available in v78.

see below post

1 Like

in chrome://flags, there’s nothing except this when search for dns

Anonymize local IPs exposed by WebRTC.
Conceal local IP addresses with mDNS hostnames. – Mac, Windows, Linux, Chrome OS


in chrome://version, the command line already contains enable-features


1 Like

Looks like they rolled out changes to how DoH is handled in “managed” browsers (when any policy whatsoever is present).

If you see “managed by your organization” in the Kebab menu (tripple dot)

That means Chrome, in order to prevent rollout issues breaking DNS filters, won’t show the “Secure DNS lookups” in chrome://flags/#dns-over-https.

I had a bogus policy set up from some stuff I was trying, so it was hidden from me. Removing it shows:

Now, as to which DNS over HTTPS server it chooses is based on the existing DNS servers your DHCP is sending (or the servers configured in windows/macos, not sure).

See this commit:

It uses the DNS set up to choose the DNS server it should upgrade to. If your Router is broadcasting 1^4 IPs as the DNS endpoint to use, Chrome should use’s DoH server and should show DOH enabled.

1 Like

@tuananh as to your setup, let me know if it’s a managed browser; if it’s not, there might be something else gating the visibility of the feature flag.

1 Like

it’s managed indeed.

do you know where that setting is. this is just my personal google apps where i’m the admin.

1 Like

chrome://policy will show you any policies set up, disabling those might disable the managed state. Otherwise i would guess disabling MDM for your domain would no longer have it show as managed (this might require sign out/in though, unsure)

1 Like

my policies looks like this

   "chromeMetadata": {
      "OS": "macOS Version 10.14.6 (Build 18G87)",
      "application": "Google Chrome",
      "revision": "40bede06f8a7a191fc28dbebdad52d6917cec4fe-refs/branch-heads/[email protected]{#8}",
      "version": "78.0.3902.4 (Official Build) dev (64-bit)"
   "chromePolicies": {
      "MaxInvalidationFetchDelay": {
         "level": "mandatory",
         "scope": "user",
         "source": "cloud",
         "value": 10000
   "extensionPolicies": {
      "cjpalhdlnbpafiamejdnhcphjbkeiagm": {

      "ghbmnnjooekpmoecnnnilnnbdlolhkhi": {


i disable MDM but it’s still not available after sign out / in

1 Like

Ya, you’re going to have to remove that one policy, but I can’t find anything related to removing them on Mac (It’s easy on windows since it’s all Reg keys). Hope you can figure it out.


why my chrome doh keep failing , and i need to restart the chrome every once in a while to make the doh working . Anyone have the same issues ? . i enable dns over https on chrome://flags/#dns-over-https , on my network configuration i put and on dns option. i check whether my doh is working by go to this site . Everything ok but on 10 to 15 minutes while browsing the dns is failing and revert back to my isp dns , and I need to restart the chrome to make the doh working again.

Its not working with Chrome OS. It has the “Secure DNS” on the chrome://flags page but despite being enabled(for some time now on my chromebook) its not working. Also using Cloudflare DNS on all my devices. And its working fine on Android and Windows 10. So when will Chrome OS catch up?

I enabled secure dns in chrome://flags.

My dns servers for the computer are and

But I’m still not able to use DoH.

Incidentally, the cloudflare app on my IOS device perpetually shows “Connecting”.

Could my isp by blocking DoH?


Chrome will only enable the DoH if you configure as a system resolver in the network settings (you’d see “Connected to Yes” as well).


Cloudflare is set as the systems dns server and yet I am still not connected to Same issue with all my other computers at home and at work.

Screenshot 2020-01-11 at 6.09.38 AM

There seems like there was a problem with the test page, it reported DoH as not enabled in some cases when it was enabled. Any chance you could try again?