Android Setup
Android's mainstream encrypted DNS path is Private DNS. It is built into modern Android versions and uses a hostname, which makes Easy HNS a clean fit.
At a glance
Best for
People who want system-wide Handshake resolution on Android without installing extra apps.
Protocol
DoT
Coverage
System-wide
Setup time
1 minute
Main input
dns.easyhns.com
Android Setup stays focused on the shortest accurate path for this platform.
Guide summary
Before you start
Check 01
Android 9 or newer is recommended.
Check 02
Make sure you are not already forcing another Private DNS hostname.
Use the right field for the right input.
URL fields need the full DoH URL. Hostname fields need the DoT hostname only. IP fields need the raw address only.
Private DNS hostname
dns.easyhns.com
Enter this as the provider hostname in Android.
Location
London
Current public Easy HNS resolver location.
Short steps, no filler.
Follow the route in order, then verify the active DNS setting before changing another layer.
Step 01
Open Private DNS
Go to Settings > Network & internet and look for Private DNS. On some phones this lives under Connections or a More connection settings screen.
Step 02
Choose the manual hostname option
Select Private DNS provider hostname or the similarly named manual option.
Step 03
Enter the Easy HNS hostname
Type dns.easyhns.com and save. Android will start sending encrypted DNS lookups to Easy HNS.
How to verify
Open a browser and visit a Handshake domain after saving the hostname.
If nothing changes right away, toggle airplane mode on and off or disconnect and reconnect to Wi-Fi.
Search Settings for Private DNS again and confirm the hostname still shows as active.
Troubleshooting
If Android says it cannot connect, check that the hostname is entered exactly as shown with no https:// prefix.
Some school, work, or captive portal networks may block Private DNS. In that case, finish sign-in first or switch to a browser-only guide.
If you use a VPN app that also controls DNS, the VPN may override this setting.
Important note about Handshake website security warnings
Using Easy HNS gives you convenient access to Handshake domains, but standard browsers may still show security warnings for some Handshake websites.
Why? Because most mainstream browsers do not natively validate Handshake trust and DANE/TLSA in the same way they validate the conventional HTTPS web.
As a result:
- some Handshake websites may load over HTTP;
- some may show a browser warning or missing secure indicator;
- this is often a browser trust-model limitation, not automatically proof that the website is malicious.
If you want a stronger Handshake-native browsing experience with DANE/TLSA support, use Fingertip for desktop.
Using a VPN?
Easy HNS still works well with VPNs, but browser Secure DNS can override router or system DNS, and some VPN apps force their own resolver. Use 51.24.7.1 only in IP fields, use https://dns.easyhns.com/dns-query only in DoH fields, and verify which layer is actually winning.
Setup guide
Chrome
Use Chrome Secure DNS and point it at the Easy HNS DoH URL.
Protocol
DoH
Scope
Browser-only
Time
1 minute
Setup guide
Firefox
Firefox can keep DNS lookups in the browser using DNS over HTTPS protection.
Protocol
DoH
Scope
Browser-only
Time
1 to 2 minutes
Setup guide
Routers
Most routers can use Easy HNS network-wide with plain DNS IPs; advanced platforms can sometimes use encrypted DNS too.
Protocol
Plain DNS by default, DoT or DoH where supported
Scope
Network-wide
Time
5 to 10 minutes