Enable DoH natively on Windows 11

Hello all,

Since the release of Windows 11, I was able to activate DoH natively on all my devices. Up till now, I haven't had any issues and I can confirm in the analytics that indeed everything is properly encrypted.

I've written a small PowerShell script for it, since you need to add the DoH servers manually before it works. Also, I've added a general binding of the DNS servers to the Wi-Fi and Ethernet adapters, so that you don't have to fill this in yourself.

Here's the code. Feel free to use or improve it.

#Requires -RunAsAdministrator

# NextDNS configuration ID (6 hex characters) and an optional device name shown in the analytics
$id = Read-Host "NextDNS ID"
$device = Read-Host "Device Name (Leave empty if anonymous)"
$template = "https://dns.nextdns.io/" + $id + "/" + $device

# The NextDNS IPv6 resolvers embed the ID: 2a07:a8c0::AB:CDEF for ID ABCDEF
$ipv6a = "2a07:a8c0::" + $id.Substring(0,2) + ":" + $id.Substring(2,4)
$ipv6b = "2a07:a8c1::" + $id.Substring(0,2) + ":" + $id.Substring(2,4)

Write-Host "Adding DoH servers..." -ForegroundColor Green
# Drop any stale entries first so the Add calls below don't fail on duplicates
Remove-DnsClientDohServerAddress -ServerAddress 45.90.30.129, 45.90.28.129, $ipv6a, $ipv6b -ErrorAction Ignore | Out-Null
# Register each resolver with its DoH template: no fallback to plaintext UDP, auto-upgrade to DoH
Add-DnsClientDohServerAddress -ServerAddress 45.90.28.129 -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress 45.90.30.129 -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress $ipv6a -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress $ipv6b -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True

Write-Host "Redirect DNS to DoH..." -ForegroundColor Green
# Bind the resolvers to every Wi-Fi and Ethernet adapter; Windows only uses DoH when the
# adapter's configured DNS server exactly matches one of the registered DoH servers above
Get-NetIPConfiguration |
    Where-Object InterfaceAlias -match "^Wi-Fi|^Ethernet" |
    ForEach-Object { Set-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -ServerAddresses 45.90.28.129, 45.90.30.129, $ipv6a, $ipv6b }
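As an added read-only check (example code written for this thread, not part of the original post or of NextDNS's tooling), the following PowerShell audits what the script above leaves behind: that the DoH templates are registered with UDP fallback off, that every resolver configured on the Wi-Fi and Ethernet adapters matches a registered DoH server, and the per-interface DohFlags registry value that Helge_Klein's reply further down mentions. The resolver addresses are the ones from the post; the registry path and the meaning of DohFlags are my assumptions, marked as such in the comments.

```powershell
# Added example: read-only audit of the Windows 11 DoH state configured by the script above.
# Assumes the NextDNS anycast resolvers from the post; change them if your resolver differs.
# Nothing here modifies system settings.
$expectedServers = @('45.90.28.129', '45.90.30.129')

# 1. Each expected resolver needs a registered DoH template. Fallback to UDP should be off,
#    otherwise a failed HTTPS session silently degrades to plaintext DNS on port 53.
$doh = Get-DnsClientDohServerAddress
foreach ($srv in $expectedServers) {
    $entry = $doh | Where-Object ServerAddress -eq $srv
    if (-not $entry) { Write-Warning "$srv has no DoH template registered"; continue }
    if ($entry.AllowFallbackToUdp) { Write-Warning "$srv allows fallback to UDP" }
    Write-Host ("{0,-14} template={1}" -f $srv, $entry.DohTemplate)
}

# 2. DoH is only used when an adapter's configured resolver exactly matches a registered
#    DoH server, so any other address on the adapter still resolves unencrypted.
Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses.Count -gt 0 -and $_.InterfaceAlias -match '^(Wi-Fi|Ethernet)' } |
    ForEach-Object {
        $plain = @($_.ServerAddresses | Where-Object { $_ -notin $doh.ServerAddress })
        if ($plain.Count -gt 0) {
            Write-Warning "$($_.InterfaceAlias): $($plain -join ', ') not covered by any DoH template"
        } else {
            Write-Host "$($_.InterfaceAlias): all configured resolvers have DoH templates" -ForegroundColor Green
        }
    }

# 3. Per-interface DohFlags, the value Helge_Klein's reply refers to. The path and the meaning
#    of the value are my assumption about how Windows 11 stores the per-adapter DoH setting:
#    1 = encrypted only, 2 = encrypted preferred, key absent = unencrypted only.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters'
Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
    $ifGuid = $_.PSChildName
    foreach ($srv in $expectedServers) {
        $key = Join-Path -Path $_.PSPath -ChildPath "DohInterfaceSettings\Doh\$srv"
        $flags = (Get-ItemProperty -Path $key -Name DohFlags -ErrorAction SilentlyContinue).DohFlags
        if ($null -eq $flags) { Write-Warning "$ifGuid ${srv}: DohFlags missing (unencrypted)" }
        else { Write-Host "$ifGuid ${srv}: DohFlags=$flags" }
    }
}
```

Run it after the script and after reconnecting to a network, since a DHCP-assigned resolver can replace the configured addresses and show up in step 2 as uncovered.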

6 replies

    • NextDNs
    • 2 yrs ago

    If you use our Windows client, it will do what your PowerShell script is doing, with a UI, when installed on Windows 11.

    • Britton_Hall
    • 1 yr ago

    What in this code would I replace with my own details? I'm not very familiar with PowerShell but I can copy and paste this if I know what to replace with my own config.

      • Pro subscriber ✓
      • DynamicNotSlow
      • 1 yr ago

      Britton Hall, not needed. You can configure that in the network GUI.

    • First_Last
    • 1 yr ago

    My given resolver is 118 instead of 129. Maybe add that as a Read-Host after the config ID (since it's on the same page). It would also allow one place to edit the IP, similar to the IPv6 setup at the moment.

    Anyway, I just want to say thanks for typing this up. I don't know why the app doesn't have an option for an installer-less/service-less setup run for Windows 11.

    • Helge_Klein
    • 1 yr ago

    Emerald Star's script was very helpful. I've used it as a starting point for a more complete (and comfortable) script that also sets the DohFlags registry value without which the DNS queries are unencrypted.

    You can find my script here: https://github.com/helgeklein/Win-DNS-DoH-PoSh

    • Razrusheniye
    • 1 yr ago

    Yeah, it works!

    But I have an issue: when I connect with DoH it will not connect with Ultralow (it connects with Anycast). Is there any solution?
