# DNS over HTTPS in Windows 11

Requires Windows 11.

- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However, it
  didn't seem to work for me or it allowed me to set the DNS server to not
  use DoH.
- `DohWellKnownServers.reg` adds DoH support for multiple IPv4 & IPv6 addresses
  that Windows 11 isn't shipping by default, currently:
  - AdGuard
  - Cloudflare antimalware
  - DNS0 standard
    - Zero
    - Open
    - Kids
  - Mullvad
  - Mullvad Adblock
  - Quad9 ECS (Windows 11 defaults include Quad9 default)
  - TREX (actually points to Quad9 as per [their documentation](https://www.trex.fi/service/resolvers.html))

## Configuration

Once Windows knows about the DoH servers (`DohWellKnownServers.reg`), DNS-over-HTTPS
can be enabled for:

- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
  - Same place for Ethernet etc.
- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
  - Note: if the all-networks setting is configured, there is a warning about it not being used.
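
A read-only check to run after importing `DohWellKnownServers.reg` and choosing a resolver in Settings, added here as an example (it is not part of the original repository): for each active adapter it reports whether the configured DNS servers have a DoH template in Windows' system-wide list. It uses the built-in `Get-DnsClientDohServerAddress`, `Get-DnsClientServerAddress` and `Get-NetAdapter` cmdlets; a registered template is a prerequisite for DoH, not proof that the interface is actually using it.

```powershell
# Added example: audit configured DNS resolvers against the DoH server list.
# Read-only; nothing is changed. Run in PowerShell on Windows 11.

# Resolver IP -> DoH registration known to Windows (built-in defaults plus
# anything added by importing DohWellKnownServers.reg).
$dohList = @{}
foreach ($entry in Get-DnsClientDohServerAddress) {
    $dohList[$entry.ServerAddress] = $entry
}

# Limit the report to adapters that are currently up.
$upIndexes = @((Get-NetAdapter | Where-Object Status -eq 'Up').ifIndex)

$report = foreach ($cfg in Get-DnsClientServerAddress) {
    if ($cfg.InterfaceIndex -notin $upIndexes) { continue }
    foreach ($ip in $cfg.ServerAddresses) {
        # Plain string match; both cmdlets must print the address the same way.
        $known = $dohList[$ip]
        [pscustomobject]@{
            Interface          = $cfg.InterfaceAlias
            Resolver           = $ip
            InDohList          = [bool]$known
            DohTemplate        = if ($known) { $known.DohTemplate } else { $null }
            AutoUpgrade        = if ($known) { $known.AutoUpgrade } else { $null }
            AllowFallbackToUdp = if ($known) { $known.AllowFallbackToUdp } else { $null }
        }
    }
}

$report | Sort-Object Interface, Resolver | Format-Table -AutoSize

# Resolvers without a template in the list (for example a DHCP-assigned
# router address) are the first thing to review.
foreach ($row in $report | Where-Object { -not $_.InDohList }) {
    Write-Warning ("{0}: {1} has no DoH template in the system-wide list" -f $row.Interface, $row.Resolver)
}

# A registered resolver that permits UDP fallback can still be queried in
# plaintext when the DoH endpoint is unreachable.
foreach ($row in $report | Where-Object { $_.AllowFallbackToUdp }) {
    Write-Warning ("{0}: {1} allows fallback to unencrypted DNS" -f $row.Interface, $row.Resolver)
}
```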