2021-10-14 08:46:44 +02:00
|
|
|
# DNS over HTTPS in Windows 11
|
|
|
|
|
|
|
|
|
|
Requires Windows 11.
|
|
|
|
|
|
|
|
|
|
* `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
|
|
|
|
|
didn't seem to work for me or it allowed me to set the DNS server to not
|
|
|
|
|
use DoH.
|
2021-10-14 08:49:50 +02:00
|
|
|
|
|
|
|
|
* `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
|
|
|
|
|
that Windows 11 isn't shipping by default, currently:
|
|
|
|
|
* Adguard
|
2021-10-14 08:57:43 +02:00
|
|
|
* Cloudflare antimalware
|
2023-02-21 12:08:06 +01:00
|
|
|
* DNS0 (& Zero)
|
2021-10-14 09:00:11 +02:00
|
|
|
* Mullvad
|
|
|
|
|
* Mullvad Adblock
|
2023-02-20 10:56:48 +01:00
|
|
|
* Quad9 ECS (Windows 11 defaults include Quad9 default)
|
|
|
|
|
|
|
|
|
|
## Configuration
|
|
|
|
|
|
|
|
|
|
Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
|
|
|
|
|
HTTPS can be enabled for:
|
|
|
|
|
|
|
|
|
|
* All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
|
|
|
|
|
* Same place for Ethernet etc.
|
|
|
|
|
* Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
|
|
|
|
|
* Note: if the all networks one is configured, there is a warning about it not being used.
|
