DNS over HTTPS (DoH) encrypts the requests your device makes when looking up website addresses. Normally, DNS queries travel unencrypted across the internet, allowing your ISP, network administrator, or anyone monitoring your connection to see which sites you access.
When you enable DoH, these queries are wrapped in the same encryption that protects websites you visit over HTTPS. This means your ISP can see that you are using DoH, but not the actual domain names you are requesting.
How it works in practice: Instead of your browser asking your ISP's DNS server "what is the IP address for bbc.co.uk?", it sends that request to a DoH-compatible server (often run by a privacy-focused organisation or your browser maker) through an encrypted HTTPS connection. The response comes back encrypted as well.
Real-world example: If you use Firefox or Chrome with DoH enabled, your browser queries a remote encrypted DNS server rather than your router's default DNS. Your ISP sees encrypted traffic to that DoH server, but cannot read which websites you look up.
What to look for: Most modern browsers support DoH and let you enable it in settings. Check whether your chosen browser offers DoH as an option, and whether it allows you to choose which DNS provider to use. If privacy matters to you, DoH adds a worthwhile layer of protection, though it does not hide your browsing from your internet provider entirely (they still see which IP addresses your device connects to). It also slightly increases lookup time, though the difference is rarely noticeable.