shell-things/Windows/DoH
2023-02-25 16:36:15 +02:00
DohWellKnownServers.reg Windows/DoH/DohWellKnownServers.reg: update Adguard DoH endpoint 2023-02-25 16:36:15 +02:00
GPO-EnforceDoH.reg Windows\DoH: add GPO-EnforceDoH.reg & README.md 2021-10-14 09:46:44 +03:00
README.md Windows/DoH/README.md: mention TREX maps to Quad9 DoH 2023-02-25 16:32:04 +02:00

DNS over HTTPS in Windows 11

Requires Windows 11.

  • GPO-EnforceDoH.reg enables the group policy to require DoH. However, it didn't seem to work for me, or it allowed me to set the DNS server to not use DoH.

  • DohWellKnownServers.reg adds DoH support for multiple IPv4 & IPv6 addresses that Windows 11 isn't shipping by default, currently:

    • Adguard
    • Cloudflare antimalware
    • DNS0 standard
      • Zero
      • Open
      • Kids
    • Mullvad
    • Mullvad Adblock
    • Quad9 ECS (Windows 11 defaults include Quad9 default)
    • TREX (actually points to Quad9 as per their documentation)

Configuration

Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS over HTTPS can be enabled for:

  • All networks: Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit
    • Same place for Ethernet etc.
  • Specific network: Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit
    • Note: if the all networks one is configured, there is a warning about it not being used.
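
To check the result after importing the .reg files, the following PowerShell audit lists every DNS server configured on each interface and flags the ones Windows has no DoH template for. It is an added example, not part of this repository; the policy key path and the meaning of the DoHPolicy values are assumptions about what GPO-EnforceDoH.reg sets, since the file's contents are not shown here.

```powershell
# Added example: audit configured resolvers against the DoH servers Windows knows.
# Requires Windows 11 (DnsClient module with the DoH cmdlets). Read-only.

# Normalise address text so IPv6 entries compare equal regardless of notation.
function Get-NormalizedIp([string]$Address) {
    $parsed = $null
    if ([ipaddress]::TryParse($Address, [ref]$parsed)) { $parsed.ToString() } else { $Address }
}

# Known DoH servers: Windows defaults plus anything imported from a .reg file.
$doh = @{}
Get-DnsClientDohServerAddress | ForEach-Object {
    $doh[(Get-NormalizedIp $_.ServerAddress)] = $_
}

# Assumption: the enforce policy is stored here as DoHPolicy (1/2/3).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$policy = (Get-ItemProperty -Path $policyKey -Name DoHPolicy -ErrorAction SilentlyContinue).DoHPolicy
$policyText = switch ($policy) { 1 { 'prohibit' } 2 { 'allow' } 3 { 'require' } default { 'not set' } }
Write-Host "DoHPolicy: $policyText"

# One row per (interface, configured DNS server).
$report = foreach ($nic in Get-DnsClientServerAddress) {
    foreach ($ip in $nic.ServerAddresses) {
        $entry = $doh[(Get-NormalizedIp $ip)]
        [pscustomobject]@{
            Interface   = $nic.InterfaceAlias
            Server      = $ip
            # KnownDoH only means a template exists; encryption is still chosen
            # per interface in Settings (DNS server assignment -> Edit).
            KnownDoH    = [bool]$entry
            Template    = if ($entry) { $entry.DohTemplate } else { '' }
            UdpFallback = if ($entry) { $entry.AllowFallbackToUdp } else { $null }
            AutoUpgrade = if ($entry) { $entry.AutoUpgrade } else { $null }
        }
    }
}
$report | Sort-Object Interface, Server | Format-Table -AutoSize

# Servers without a template can only be queried in plain text.
$plain = @($report | Where-Object { -not $_.KnownDoH })
if ($plain.Count -gt 0) {
    Write-Warning ("{0} configured DNS server(s) have no DoH template: {1}" -f
        $plain.Count, (($plain.Server | Sort-Object -Unique) -join ', '))
}
```

A row with UdpFallback set to True means Windows may still fall back to unencrypted DNS for that server when the DoH endpoint is unreachable.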