Hello all,

Since the release of Windows 11, I was able to active DoH natively on all my devices. Up till now, I didn't have any issues and I can confirm in the analytics that indeed everything is properly encrypted.

I've written a small PowerShell script for it, since you need to add the DoH severs manually before it works. Also, I've added a general binding of the DNS severs to the WiFi and Ethernet adapter, so that you don't have to fill this in by yourself.

Here's the code. Feel free to use or improve it.

#requires -RunAsAdministrator

$id = Read-Host "NextDNS ID"
$device = Read-Host "Device Name (Leave empty if annonymous)"
$template = "https://dns.nextdns.io/" + $id + "/" + $device

$ipv6a = "2a07:a8c0::" + $id.substring(0,2) + ":" + $id.substring(2,4)
$ipv6b = "2a07:a8c1::" + $id.substring(0,2) + ":" + $id.substring(2,4)

Write-Host Adding DOH servers... -ForegroundColor Green
Remove-DnsClientDohServerAddress -ServerAddress 45.90.30.129, 45.90.28.129, $ipv6a, $ipv6b -Erroraction Ignore | Out-Null
Add-DnsClientDohServerAddress -ServerAddress 45.90.28.129 -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress 45.90.30.129 -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress $ipv6a -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress $ipv6b -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True

Write-Host Redirect DNS to DOH... -ForegroundColor Green
Get-NetIPConfiguration | where InterfaceAlias -match "^Wi-Fi|^Ethernet" | ForEach { ($_).InterfaceIndex } | ForEach { Set-DnsClientServerAddress -InterfaceIndex $_ -ServerAddresses 45.90.28.129, 45.90.30.129, $ipv6a, $ipv6b }