
I am using this script to automatically enable DoH on all my network interfaces, but when I check the configuration in the Settings app I see that the IP addresses are set, but they are set as "Not encrypted", so I have to manually set them to "On (automatic template)". How can I do this via script?

$i = Get-NetAdapter -Physical
# Set the resolver addresses per address family on every physical adapter
$i | Get-DnsClientServerAddress -AddressFamily IPv4 | Set-DnsClientServerAddress -ServerAddresses '176.103.130.130', '1.1.1.2'
$i | Get-DnsClientServerAddress -AddressFamily IPv6 | Set-DnsClientServerAddress -ServerAddresses '2a10:50c0::ad1:ff', '2606:4700:4700::1112'
$i | ForEach-Object {
    # Per-interface DoH settings: IPv4 servers under ...\Doh\<ip>, IPv6 servers under ...\Doh6\<ip>
    # -Force on New-ItemProperty lets the script be re-run without "property already exists" errors
    $s1 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh\176.103.130.130'; New-Item -Path $s1 -Force | New-ItemProperty -Name "DohFlags" -Value 5 -PropertyType Qword -Force
    $s2 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh\1.1.1.2'; New-Item -Path $s2 -Force | New-ItemProperty -Name "DohFlags" -Value 5 -PropertyType Qword -Force
    $s3 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh6\2a10:50c0::ad1:ff'; New-Item -Path $s3 -Force | New-ItemProperty -Name "DohFlags" -Value 5 -PropertyType Qword -Force
    $s4 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh6\2606:4700:4700::1112'; New-Item -Path $s4 -Force | New-ItemProperty -Name "DohFlags" -Value 5 -PropertyType Qword -Force
}
Clear-DnsClientCache

2 Answers


I have been looking for this as well. You're looking for the following registry key:

HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\{InterfaceGuid}\DohInterfaceSettings\Doh\IPX.XXX.XXX.XXX

where you have to set DohFlags to value 1.

Grabbing your code and combining it with some other sources, I came to the following (working) PowerShell script. Running this script with a scheduled task on network change would be enough to enable DoH on each (new) interface.

Add-DnsClientDohServerAddress -ServerAddress IP1.XXX.XXX.XXX -DohTemplate https://your.domain.from.dns.server/dns-query -ErrorAction SilentlyContinue
Add-DnsClientDohServerAddress -ServerAddress IP2.XXX.XXX.XXX -DohTemplate https://your.domain.from.dns.server/dns-query -ErrorAction SilentlyContinue

$i = Get-NetAdapter -Physical
$i | ForEach-Object {
    Set-DnsClientServerAddress -InterfaceAlias $_.InterfaceAlias -ServerAddresses "IP1.XXX.XXX.XXX","IP2.XXX.XXX.XXX"
    $s1 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh\IP1.XXX.XXX.XXX'; New-Item -Path $s1 -Force | New-ItemProperty -Name "DohFlags" -Value 1 -PropertyType QWORD -Force
    $s2 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh\IP2.XXX.XXX.XXX'; New-Item -Path $s2 -Force | New-ItemProperty -Name "DohFlags" -Value 1 -PropertyType QWORD -Force
}
Clear-DnsClientCache

Putting this together for Cloudflare DoH gives the following result. You don't need to specify the templates (Add-DnsClientDohServerAddress) since the Cloudflare ones are already included in Windows (at least 11 22H2).

$i = Get-NetAdapter -Physical
$i | ForEach-Object {
Set-DnsClientServerAddress $_.InterfaceAlias -ServerAddresses "1.1.1.1","1.0.0.1"
    # -Force on New-ItemProperty so re-running (e.g. from the scheduled task) does not fail on an existing DohFlags value
    $s1 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh\1.1.1.1'; New-Item -Path $s1 -Force | New-ItemProperty -Name "DohFlags" -Value 1 -PropertyType QWORD -Force
    $s2 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh\1.0.0.1'; New-Item -Path $s2 -Force | New-ItemProperty -Name "DohFlags" -Value 1 -PropertyType QWORD -Force
}
Clear-DnsClientCache;

Solution for both IPv4 and IPv6 of Cloudflare DNS:

$i = Get-NetAdapter -Physical
$i | ForEach-Object {
    Set-DnsClientServerAddress -InterfaceAlias "$($_.InterfaceAlias)" -ServerAddresses "1.1.1.1","1.0.0.1"
    Set-DnsClientServerAddress -InterfaceAlias "$($_.InterfaceAlias)" -ServerAddresses "2606:4700:4700::1111","2606:4700:4700::1001"
    # IPv4 servers go under ...\Doh\<ip>, IPv6 servers under ...\Doh6\<ip>; -Force makes the property write idempotent
    $s1 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh\1.1.1.1'; New-Item -Path $s1 -Force | New-ItemProperty -Name "DohFlags" -Value 1 -PropertyType QWORD -Force
    $s2 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh\1.0.0.1'; New-Item -Path $s2 -Force | New-ItemProperty -Name "DohFlags" -Value 1 -PropertyType QWORD -Force
    $s3 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh6\2606:4700:4700::1111'; New-Item -Path $s3 -Force | New-ItemProperty -Name "DohFlags" -Value 1 -PropertyType QWORD -Force
    $s4 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh6\2606:4700:4700::1001'; New-Item -Path $s4 -Force | New-ItemProperty -Name "DohFlags" -Value 1 -PropertyType QWORD -Force
}
Clear-DnsClientCache
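Both answers above write the same per-interface key for each resolver by hand. The following is an added example, not code from the question or either answer: it generalises that pattern into a reusable function that picks the `Doh` or `Doh6` subkey from the address family, writes `DohFlags = 1` idempotently, warns when Windows has no DoH template for a server (the case where the key alone leaves the interface at "Not encrypted"), and reads the result back so the change can be verified without the Settings app. The function names are this example's own; it assumes Windows 11 with the Cloudflare templates built in, as the answers state, and an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the question or answers): reusable, idempotent per-interface DoH
# configuration plus a read-back check. Function names are this example's own invention.

$DnscacheRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters'

function Get-DohKeyPath {
    # IPv4 servers live under ...\DohInterfaceSettings\Doh\<ip>, IPv6 servers under ...\Doh6\<ip>
    param([Parameter(Mandatory)][string]$InterfaceGuid,          # braced GUID string from Get-NetAdapter
          [Parameter(Mandatory)][System.Net.IPAddress]$Address)
    $family = if ($Address.AddressFamily -eq 'InterNetworkV6') { 'Doh6' } else { 'Doh' }
    return Join-Path $DnscacheRoot "$InterfaceGuid\DohInterfaceSettings\$family\$Address"
}

function Set-DohFlagsOnInterface {
    param([Parameter(Mandatory)][string]$InterfaceGuid,
          [Parameter(Mandatory)][string[]]$ServerAddresses,
          [uint64]$Flags = 1)                                     # value the answers above use
    foreach ($server in $ServerAddresses) {
        $key = Get-DohKeyPath -InterfaceGuid $InterfaceGuid -Address ([System.Net.IPAddress]::Parse($server))
        # New-Item -Force is a no-op on an existing key; -Force on New-ItemProperty overwrites an
        # existing DohFlags value instead of failing on the second run (e.g. from a scheduled task).
        New-Item -Path $key -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DohFlags' -Value $Flags -PropertyType QWord -Force | Out-Null
    }
}

function Enable-DohOnPhysicalAdapters {
    # Default list: Cloudflare IPv4 and IPv6 resolvers, as used in the answers above.
    param([string[]]$ServerAddresses = @('1.1.1.1', '1.0.0.1', '2606:4700:4700::1111', '2606:4700:4700::1001'))

    # The registry key only takes effect when Windows knows a DoH template for that server
    # ("automatic template"). For resolvers without a built-in template, register one first
    # with Add-DnsClientDohServerAddress, as the first answer does.
    foreach ($server in $ServerAddresses) {
        if (-not (Get-DnsClientDohServerAddress -ServerAddress $server -ErrorAction SilentlyContinue)) {
            Write-Warning "No DoH template known for $server; it will stay unencrypted until one is added."
        }
    }

    $v4 = @($ServerAddresses | Where-Object { ([System.Net.IPAddress]$_).AddressFamily -eq 'InterNetwork' })
    $v6 = @($ServerAddresses | Where-Object { ([System.Net.IPAddress]$_).AddressFamily -eq 'InterNetworkV6' })

    foreach ($adapter in Get-NetAdapter -Physical) {
        # One Set-DnsClientServerAddress call per address family, as in the second answer.
        if ($v4.Count) { Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $v4 }
        if ($v6.Count) { Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $v6 }
        Set-DohFlagsOnInterface -InterfaceGuid $adapter.InterfaceGuid -ServerAddresses $ServerAddresses
    }
    Clear-DnsClientCache
}

function Get-DohStatus {
    # Reads back every configured server key so the result can be checked without the Settings app.
    foreach ($adapter in Get-NetAdapter -Physical) {
        $base = Join-Path $DnscacheRoot "$($adapter.InterfaceGuid)\DohInterfaceSettings"
        foreach ($family in 'Doh', 'Doh6') {
            $familyKey = Join-Path $base $family
            if (-not (Test-Path $familyKey)) { continue }
            foreach ($serverKey in Get-ChildItem -Path $familyKey) {
                [pscustomobject]@{
                    Interface   = $adapter.Name
                    Server      = $serverKey.PSChildName
                    DohFlags    = (Get-ItemProperty -Path $serverKey.PSPath -Name DohFlags -ErrorAction SilentlyContinue).DohFlags
                    HasTemplate = [bool](Get-DnsClientDohServerAddress -ServerAddress $serverKey.PSChildName -ErrorAction SilentlyContinue)
                }
            }
        }
    }
}

Enable-DohOnPhysicalAdapters
Get-DohStatus | Format-Table -AutoSize
```

A row with `DohFlags` set but `HasTemplate` false is exactly the "Not encrypted" state from the question: the interface points at the server, but the DNS client has no template to upgrade the queries with. Restricting the loop to `Get-NetAdapter -Physical` mirrors the page's scripts; virtual adapters (VPN, Hyper-V) are left untouched on purpose, so include them explicitly if they should also be covered.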