
Can't select manual template with DNS over HTTPS

Hi all, new to NextDNS here 🙂

I want to use the DNS over HTTPS option on my Windows 11 laptop.
But when I enter the IP address 45.90.28.0, the selection box below it stays greyed out.
If I enter 8.8.8.8 it becomes active and I can select an option.

Is this something that can be managed by policies? It's a work laptop, managed in Intune, but as far as I know there are no policies set for this.

2 replies

    • Rafal.4
    • 9 mths ago

    The same problem.

    I think it is not possible to select "On (manual template)" because there is no such option in Windows 11 Home Edition. It is only available in the Windows 11 Pro version.

    When you run these commands as Administrator:

    netsh dns add encryption server=45.90.28.0 dohtemplate=https://dns.nextdns.io/ABCDEF autoupgrade=yes udpfallback=no

    netsh dns add encryption server=45.90.30.0 dohtemplate=https://dns.nextdns.io/ABCDEF autoupgrade=yes udpfallback=no

     

    (of course ABCDEF needs to be replaced by your Configuration ID)

    then you can type the IP addresses in the "Preferred DNS" and "Alternate DNS" fields, and the drop-down list "Preferred DNS encryption" becomes available, so you can choose "Encrypted only (DNS over HTTPS)"

     

    but then... on https://my.nextdns.io, when you log on and choose this profile, it won't tell you

    "All good!

    This device is using NextDNS with this profile."

     

    but instead:

    "This device is not using NextDNS.

    This device is currently using “” as DNS resolver."

     

    It's a shame for the NextDNS team that they provide instructions on how to set DNS over HTTP without the detail that it works only in the Windows Pro edition!

     

    NextDNS client is nice - you can install it, provide Configuration ID and done but... if you have kids then they can easily just disable NextDNS client (right click - Disable) and bingo! No restrictions!

    I have a yearly subscription to NextDNS but I will not renew it, as it is not acceptable that it is so easy to bypass settings for kids who don't even have administrative privileges granted by me on their PCs.

     

    PS. If you ran the above netsh commands, you can revert the changes by looking in the registry under HKLM\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DohWellKnownServers, where you will see 45.90.28.0 and 45.90.30.0 keys that can simply be deleted.

      • Glen.2
      • 1 mth ago

       You should be able to configure your router to give clients the DNS servers. Additionally, if you have one of the more customizable routers on the list for NextDNS support, you can also make it identify individual clients. I had an old Asus-Merlin that worked great; now that I upgraded to fiber, I don't think this router will support that, although it does say it's built on OpenWRT. Anyway, the general functionality still works; it's just that if you want the logs to identify clients, I'll have to do that on the client. I don't like the NextDNS app either; it's a VPN, which I don't want. Also, the YogaDNS app works well on Windows 10 and is not so easy to turn off.
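
The netsh registration and the registry clean-up described in the first reply, done with the DnsClient PowerShell cmdlets instead, as an added example that is not part of any post in this thread: it registers both resolver IPs with the template, reports whether each registration matches, and offers a removal function. The function names are hypothetical, ABCDEF is the thread's placeholder for the Configuration ID, and it assumes an elevated PowerShell on Windows 11.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Function names are hypothetical.
$ConfigId  = 'ABCDEF'                      # placeholder used in the thread
$Template  = "https://dns.nextdns.io/$ConfigId"
$Resolvers = '45.90.28.0', '45.90.30.0'    # resolver IPs from the thread

function Get-DohEntry([string]$Ip) {
    # Filter client-side so a missing entry yields $null instead of an error.
    Get-DnsClientDohServerAddress | Where-Object { $_.ServerAddress -eq $Ip }
}

function Register-DohResolver([string[]]$Address, [string]$DohTemplate) {
    foreach ($ip in $Address) {
        $entry = Get-DohEntry $ip
        if ($entry -and $entry.DohTemplate -ne $DohTemplate) {
            # Stale template (for example an old Configuration ID): replace it.
            Remove-DnsClientDohServerAddress -ServerAddress $ip
            $entry = $null
        }
        if (-not $entry) {
            # Same settings as the thread's autoupgrade=yes udpfallback=no.
            Add-DnsClientDohServerAddress -ServerAddress $ip -DohTemplate $DohTemplate `
                -AutoUpgrade $true -AllowFallbackToUdp $false | Out-Null
        }
    }
}

function Test-DohResolver([string[]]$Address, [string]$DohTemplate) {
    foreach ($ip in $Address) {
        $entry = Get-DohEntry $ip
        [pscustomobject]@{
            ServerAddress = $ip
            Registered    = [bool]$entry
            TemplateMatch = [bool]($entry -and $entry.DohTemplate -eq $DohTemplate)
            NoUdpFallback = [bool]($entry -and -not $entry.AllowFallbackToUdp)
        }
    }
}

function Unregister-DohResolver([string[]]$Address) {
    foreach ($ip in $Address) {
        if (Get-DohEntry $ip) { Remove-DnsClientDohServerAddress -ServerAddress $ip }
    }
}

Register-DohResolver -Address $Resolvers -DohTemplate $Template
Test-DohResolver     -Address $Resolvers -DohTemplate $Template | Format-Table -AutoSize
# To undo both registrations: Unregister-DohResolver -Address $Resolvers
```

Registering a template only tells Windows which DoH endpoint belongs to an IP; the adapter's "Preferred DNS" and "Alternate DNS" fields still have to be set to those IPs, as the reply describes.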
