Last active
August 3, 2022 20:26
-
-
Save emmaly/6455cfd61656e0c6c08df04b700eb25f to your computer and use it in GitHub Desktop.
DNS-over-HTTP (DoH) NextDNS automatic configuration via PowerShell for Windows 11 (and maybe Windows 10?)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# NextDNS install as DNS-over-DOH #> | |
| param ( | |
| [Parameter( | |
| Mandatory = $true, | |
| ParameterSetName = "NextDnsId", | |
| ValueFromPipeline = $true, | |
| ValueFromPipelineByPropertyName = $true, | |
| HelpMessage = "NextDNS Configuration ID, like: 12ab3c" | |
| )] | |
| [ValidatePattern("^[0-9A-F]{6}$")] | |
| [string]$NextDnsId = "", | |
| [Parameter( | |
| ValueFromPipeline = $true, | |
| ValueFromPipelineByPropertyName = $true, | |
| HelpMessage = "Device name, used in analytics and logs to uniquely identify this device." | |
| )] | |
| [Alias("Hostname")] | |
| [ValidatePattern("^[0-9A-Z]([0-9A-Z-\.]?[0-9A-Z])*$")] | |
| [string]$DeviceName = "", | |
| [Parameter( | |
| HelpMessage = "Use the computer's hostname as the DeviceName." | |
| )] | |
| [switch]$UseHostname, | |
| [Parameter( | |
| HelpMessage = "Specifies whether to encrypt all name resolutions to this server using the DoH settings. The upgrade occurs if the server is configured on an adapter or if it is part of a Name Resolution Policy Table (NRPT) rule. The default is `False`." | |
| )] | |
| [switch]$AutoUpgrade, | |
| [Parameter( | |
| HelpMessage = "Specifies whether to allow fallback to unencrypted DNS if the DoH query to the server fails, but this only applies if `AutoUpgrade` is `True`. The default on both is `False`." | |
| )] | |
| [switch]$AllowFallbackToUdp, | |
| [Parameter( | |
| HelpMessage = "Specifies whether to apply this to the Ethernet and Wi-Fi adapters. The default is `False`. If not, this will only add the DoH capability to the DNS IP addresses." | |
| )] | |
| [switch]$ApplyToNetworkDevices | |
| ) | |
| $nextDnsDeviceName = $null | |
| if ($UseHostname) { | |
| $nextDnsDeviceName = [Environment]::MachineName | |
| } | |
| if ($DeviceName) { | |
| $nextDnsDeviceName = $DeviceName | |
| } | |
| Write-Host "NextDnsId: $NextDnsId" | |
| $nextDnsId = $NextDnsId.ToLower() | |
| Write-Host "nextDnsDeviceName: $nextDnsDeviceName" | |
| Write-Host "AutoUpgrade: $AutoUpgrade" | |
| Write-Host "AllowFallbackToUdp: $AllowFallbackToUdp" | |
| $ipv4Address = @() | |
| $ipv4Address += "45.90.28.169" | |
| $ipv4Address += "45.90.30.169" | |
| # Write-Host ("ipv4Addresses: [" + ($ipv4Address -join ", ") + "]") | |
| $ipv6AddressPrefix = "2a07:a8c" | |
| $ipv6Address = @() | |
| $ipv6Address += $ipv6AddressPrefix + "0::" + $nextDnsId.substring(0, 2) + ":" + $nextDnsId.substring(2, 4) | |
| $ipv6Address += $ipv6AddressPrefix + "1::" + $nextDnsId.substring(0, 2) + ":" + $nextDnsId.substring(2, 4) | |
| # Write-Host ("ipv6Addresses: [" + ($ipv6Address -join ", ") + "]") | |
| $ipAddresses = $ipv4Address + $ipv6Address | |
| Write-Host ("ipAddresses: [" + ($ipAddresses -join ", ") + "]") | |
| $dohParts = @("https://dns.nextdns.io") | |
| $dohParts += $nextDnsId | |
| if ($nextDnsDeviceName) { | |
| $dohParts += $nextDnsDeviceName | |
| } | |
| $dohTemplate = $dohParts -join "/" | |
| Write-Host "dohTemplate: $dohTemplate" | |
| foreach ($ipAddress in $ipAddresses) { | |
| Write-Host "[$ipAddress]" | |
| if ((Get-DnsClientDohServerAddress -ServerAddress $ipAddress -ErrorAction SilentlyContinue).ServerAddress -eq $ipAddress) { | |
| Set-DnsClientDohServerAddress -ServerAddress $ipAddress -DohTemplate $dohTemplate -AutoUpgrade $AutoUpgrade -AllowFallbackToUdp $AllowFallbackToUdp | |
| } | |
| else { | |
| Add-DnsClientDohServerAddress -ServerAddress $ipAddress -DohTemplate $dohTemplate -AutoUpgrade $AutoUpgrade -AllowFallbackToUdp $AllowFallbackToUdp | |
| } | |
| } | |
| if ($ApplyToNetworkDevices) { | |
| Write-Host "Applying to network devices..." | |
| $networkDevices = Get-NetIPConfiguration | | |
| Where-Object -Property InterfaceAlias -IMatch '^Ethernet\b|Wi-Fi\b' | |
| $networkDevices | ForEach-Object { | |
| Write-Host "["$_.InterfaceAlias"]" | |
| } | |
| $networkDevices | | |
| Select-Object -Property InterfaceIndex | | |
| Set-DnsClientServerAddress -ServerAddresses ($ipv4Address + $ipv6Address) | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# Reset DHCP-managed network interfaces to DHCP-issued DNS #> | |
| Write-Host "Resetting DHCP-enabled network devices back to DHCP sourced DNS..." | |
| Get-NetIPInterface -Dhcp Enabled | | |
| Where-Object -Property InterfaceAlias -IMatch '^Ethernet\b|Wi-Fi\b' | | |
| Get-DnsClientServerAddress | | |
| Select-Object -Unique | | |
| Sort-Object -Property InterfaceAlias,AddressFamily | | |
| ForEach-Object { | |
| Get-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -AddressFamily $_.AddressFamily | | |
| ForEach-Object { | |
| $interfaceAlias = $_.InterfaceAlias | |
| $addressFamily = "["+$_.AddressFamily+"]" | |
| if ($_.AddressFamily -eq 2) { | |
| $addressFamily = "IPv4" | |
| } elseif ($_.AddressFamily -eq 23) { | |
| $addressFamily = "IPv6" | |
| } | |
| Write-Host "$addressFamily :: $interfaceAlias" | |
| $_ | Set-DnsClientServerAddress -ResetServerAddresses | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment