0

IPv6 DoH?

I'm trying to get DoH working on IPv6 on Windows 11 and verify that it's working. The setup page doesn't seem to have specific instructions for this, so I'm kind of improvising.

DoH is definitely working on IPv4, and my devices are identified in the log by adding a name at the end of the DoH template url. https://dns.nextdns.io/profileid/devicename

I turned on DoH for IPv6 in Windows and used the same template url. Windows seems to think that DNS on IPv6 is now encrypted. But in the NextDNS log, I'm still getting enteries with no padlock icon and no device name, just an IPv6 address. So it seems like maybe it's not working?

 Not really sure what I'm missing here... Any tips?

Or if DoH isn't properly supported on IPv6, would it be advisable to disable IPv6 for now?

6 replies

null
    • Martheen
    • 1 yr ago
    • Reported - view

    The problem is very likely on the Windows side. With dnslookup I tried sending DoH request explicitly to my NextDNS  profile IPv6 address, and I see the custom identifier I included and the padlock icon. Make sure that Fallback to plaintext is disabled. In my W11 install, the config is pointed to my personal server, but it won't respond to unencrypted requests, so the DoH request goes through.

    • Neon_Jewel
    • 1 yr ago
    • Reported - view

    use the windows app, and everything is configured for you :-)

      • mylesm
      • 1 yr ago
      • Reported - view

       fallback to plaintext is definitely disabled. Is the same template url supposed to work for ipv4 and ipv6? The setup instructions don't specifically mention DoH for ipv6 so I'm trying to confirm that that's even how it's supposed to work.

       

      thanks, but I don't think the windows app should be necessary for someone comfortable with configuring dns on their own. And I would really rather avoid installing another app on my device

    • Geoffrey_Sperl
    • 1 yr ago
    • Reported - view

    Bump.

    I'm seeing the same behavior on my son's Win 11 machine—IPv4 shows up as encrypted in the logs, but the IPv6 does not (both show as encrypted in the settings and IPv6 is using the same DoH template URL as IPv4).

    I have tried the Windows app, which works correctly. However, a standard user account can disable the app, so the app doesn't solve this issue.

    • Geoffrey_Sperl
    • 1 yr ago
    • Reported - view

    Ahhhh… I checked logs from my phone on a lark and there I see them reporting the Win 11 laptop as encrypted when using IPv6 and they show the laptop’s name.

    This may simply be an oversight in the desktop browser view of the logs. I’m hoping that’s the case. (That doesn’t explain why the app configuration shows IPv6 logs correctly, though. Unless the app reports differently?)

      • mylesm
      • 1 yr ago
      • Reported - view

       I tried this, but IPv6 queries are not reporting as encrypted or with my device name when I view the logs on my phone in my case... 🤷‍♂️

Login to reply

Content aside

  • 1 yr agoLast active
  • 6Replies
  • 815Views
  • 4 Following