shell-things/Windows/DoH/README.md

<!-- @format -->
# DNS over HTTPS in Windows 11

Requires Windows 11.

- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
  didn't seem to work for me or it allowed me to set the DNS server to not use
  DoH.
- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
  that Windows 11 isn't shipping by default, currently:
  - Adguard
  - Cloudflare antimalware
  - DNS0 standard
    - Zero
    - Open
    - Kids
  - Mullvad
  - Mullvad Adblock
  - Quad9 ECS (Windows 11 defaults include Quad9 default)
  - TREX (actually points to Quad9 as per
    [their documentation](https://www.trex.fi/service/resolvers.html))

## Configuration

Once Windows knows about the DoH servers (`DohWellKnownServers.reg`), DNS over
HTTPS can be enabled for:

- All networks:
  `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
  - Same place for Ethernet etc.
- Specific network:
  `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
  - Note: if the all networks one is configured, there is a warning about it
    not being used.
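
To verify the result after importing the `.reg` files, the following PowerShell audit (an added example, not part of this repository) lists every DNS server configured on the machine and whether Windows has a DoH template for it, alongside the state of the DoH group policy. It assumes the policy is stored as `DoHPolicy` under the `DNSClient` policy key with the values 1 = prohibit, 2 = allow, 3 = require; the per-adapter encryption choice made in Settings is stored separately and is not read here.

```powershell
# Added example: audit DoH coverage of the DNS servers actually configured.
# Run in Windows PowerShell / PowerShell 7 on Windows 11.

# Assumption: the "require DoH" group policy is stored as DoHPolicy here
# (1 = prohibit, 2 = allow, 3 = require).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$policy = (Get-ItemProperty -Path $policyKey -Name DoHPolicy `
               -ErrorAction SilentlyContinue).DoHPolicy
$policyText = switch ($policy) {
    1       { 'prohibit DoH' }
    2       { 'allow DoH' }
    3       { 'require DoH' }
    default { 'not configured' }
}
"DoH group policy: $policyText"

# Index the DoH servers Windows knows about (built-in defaults plus any
# added through the registry), keyed by IP address.
$known = @{}
Get-DnsClientDohServerAddress | ForEach-Object { $known[$_.ServerAddress] = $_ }

# Walk every interface that has DNS servers set and look each one up.
# A server without a known template cannot be switched to DoH in Settings.
Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $iface = $_.InterfaceAlias
        foreach ($ip in $_.ServerAddresses) {
            $entry = $known[$ip]
            [pscustomobject]@{
                Interface   = $iface
                Server      = $ip
                KnownDoH    = [bool]$entry
                Template    = if ($entry) { $entry.DohTemplate } else { $null }
                # Global per-server flags, not the per-adapter Settings choice.
                AutoUpgrade = if ($entry) { $entry.AutoUpgrade } else { $false }
                UdpFallback = if ($entry) { $entry.AllowFallbackToUdp } else { $true }
            }
        }
    } | Format-Table -AutoSize
```

Rows with `KnownDoH` set to `False` are resolvers that will be queried in plaintext regardless of what the policy says, which is the situation to look for when the policy appears not to take effect.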