emmaly · August 3, 2022 20:26
diff --git a/NextDNS-DNS-over-DOH.ps1 b/NextDNS-DNS-over-DOH.ps1
 <# NextDNS install as DNS-over-DOH #>

 param (
  [Parameter(
    Mandatory = $true,
    ParameterSetName = "NextDnsId",
    ValueFromPipeline = $true,
    ValueFromPipelineByPropertyName = $true,
    HelpMessage = "NextDNS Configuration ID, like: 12ab3c"
  )]
  [ValidatePattern("^[0-9A-F]{6}$")]
  [string]$NextDnsId = "",

  [Parameter(
    ValueFromPipeline = $true,
    ValueFromPipelineByPropertyName = $true,
    HelpMessage = "Device name, used in analytics and logs to uniquely identify this device."
  )]
  [Alias("Hostname")]
  [ValidatePattern("^[0-9A-Z]([0-9A-Z-\.]?[0-9A-Z])*$")]
  [string]$DeviceName = "",

  [Parameter(
    HelpMessage = "Use the computer's hostname as the DeviceName."
  )]
  [switch]$UseHostname,

  [Parameter(
    HelpMessage = "Specifies whether to encrypt all name resolutions to this server using the DoH settings. The upgrade occurs if the server is configured on an adapter or if it is part of a Name Resolution Policy Table (NRPT) rule. The default is `False`."
  )]
  [switch]$AutoUpgrade,

  [Parameter(
    HelpMessage = "Specifies whether to allow fallback to unencrypted DNS if the DoH query to the server fails, but this only applies if `AutoUpgrade` is `True`. The default on both is `False`."
  )]
  [switch]$AllowFallbackToUdp,

  [Parameter(
    HelpMessage = "Specifies whether to apply this to the Ethernet and Wi-Fi adapters. The default is `False`. If not, this will only add the DoH capability to the DNS IP addresses."
  )]
  [switch]$ApplyToNetworkDevices
 )

 $nextDnsDeviceName = $null

 if ($UseHostname) {
  $nextDnsDeviceName = [Environment]::MachineName
 }
 if ($DeviceName) {
  $nextDnsDeviceName = $DeviceName
 }

 Write-Host "NextDnsId: $NextDnsId"
 $nextDnsId = $NextDnsId.ToLower()

 Write-Host "nextDnsDeviceName: $nextDnsDeviceName"
 Write-Host "AutoUpgrade: $AutoUpgrade"
 Write-Host "AllowFallbackToUdp: $AllowFallbackToUdp"

 $ipv4Address = @()
 $ipv4Address += "45.90.28.169"
 $ipv4Address += "45.90.30.169"
 # Write-Host ("ipv4Addresses: [" + ($ipv4Address -join ", ") + "]")

 $ipv6AddressPrefix = "2a07:a8c"
 $ipv6Address = @()
 $ipv6Address += $ipv6AddressPrefix + "0::" + $nextDnsId.substring(0, 2) + ":" + $nextDnsId.substring(2, 4)
 $ipv6Address += $ipv6AddressPrefix + "1::" + $nextDnsId.substring(0, 2) + ":" + $nextDnsId.substring(2, 4)
 # Write-Host ("ipv6Addresses: [" + ($ipv6Address -join ", ") + "]")

 $ipAddresses = $ipv4Address + $ipv6Address
 Write-Host ("ipAddresses: [" + ($ipAddresses -join ", ") + "]")

 $dohParts = @("https://dns.nextdns.io")
 $dohParts += $nextDnsId
 if ($nextDnsDeviceName) {
  $dohParts += $nextDnsDeviceName
 }
 $dohTemplate = $dohParts -join "/"
 Write-Host "dohTemplate: $dohTemplate"

 foreach ($ipAddress in $ipAddresses) {
  Write-Host "[$ipAddress]"
  if ((Get-DnsClientDohServerAddress -ServerAddress $ipAddress -ErrorAction SilentlyContinue).ServerAddress -eq $ipAddress) {
    Set-DnsClientDohServerAddress -ServerAddress $ipAddress -DohTemplate $dohTemplate -AutoUpgrade $AutoUpgrade -AllowFallbackToUdp $AllowFallbackToUdp
  }
  else {
    Add-DnsClientDohServerAddress -ServerAddress $ipAddress -DohTemplate $dohTemplate -AutoUpgrade $AutoUpgrade -AllowFallbackToUdp $AllowFallbackToUdp
  }
 }

 if ($ApplyToNetworkDevices) {
  Write-Host "Applying to network devices..."

  $networkDevices = Get-NetIPConfiguration |
    Where-Object -Property InterfaceAlias -IMatch '^Ethernet\b|Wi-Fi\b'

  $networkDevices | ForEach-Object {
    Write-Host "["$_.InterfaceAlias"]"
  }

  $networkDevices |
    Select-Object -Property InterfaceIndex |
    Set-DnsClientServerAddress -ServerAddresses ($ipv4Address + $ipv6Address)
 }
diff --git a/Reset-to-DHCP.ps1 b/Reset-to-DHCP.ps1
 <# Reset DHCP-managed network interfaces to DHCP-issued DNS #>

 Write-Host "Resetting DHCP-enabled network devices back to DHCP sourced DNS..."

 Get-NetIPInterface -Dhcp Enabled |
  Where-Object -Property InterfaceAlias -IMatch '^Ethernet\b|Wi-Fi\b' |
  Get-DnsClientServerAddress |
  Select-Object -Unique |
  Sort-Object -Property InterfaceAlias,AddressFamily |
  ForEach-Object {
    Get-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -AddressFamily $_.AddressFamily |
      ForEach-Object {
        $interfaceAlias = $_.InterfaceAlias
        $addressFamily = "["+$_.AddressFamily+"]"
        if ($_.AddressFamily -eq 2) {
          $addressFamily = "IPv4"
        } elseif ($_.AddressFamily -eq 23) {
          $addressFamily = "IPv6"
        }
        Write-Host "$addressFamily :: $interfaceAlias"
      $_ | Set-DnsClientServerAddress -ResetServerAddresses
    }
  }
	<# NextDNS install as DNS-over-DOH #>

	param (
	[Parameter(
	Mandatory = $true,
	ParameterSetName = "NextDnsId",
	ValueFromPipeline = $true,
	ValueFromPipelineByPropertyName = $true,
	HelpMessage = "NextDNS Configuration ID, like: 12ab3c"
	)]
	[ValidatePattern("^[0-9A-F]{6}$")]
	[string]$NextDnsId = "",

	[Parameter(
	ValueFromPipeline = $true,
	ValueFromPipelineByPropertyName = $true,
	HelpMessage = "Device name, used in analytics and logs to uniquely identify this device."
	)]
	[Alias("Hostname")]
	[ValidatePattern("^[0-9A-Z]([0-9A-Z-\.]?[0-9A-Z])*$")]
	[string]$DeviceName = "",

	[Parameter(
	HelpMessage = "Use the computer's hostname as the DeviceName."
	)]
	[switch]$UseHostname,

	[Parameter(
	HelpMessage = "Specifies whether to encrypt all name resolutions to this server using the DoH settings. The upgrade occurs if the server is configured on an adapter or if it is part of a Name Resolution Policy Table (NRPT) rule. The default is `False`."
	)]
	[switch]$AutoUpgrade,

	[Parameter(
	HelpMessage = "Specifies whether to allow fallback to unencrypted DNS if the DoH query to the server fails, but this only applies if `AutoUpgrade` is `True`. The default on both is `False`."
	)]
	[switch]$AllowFallbackToUdp,

	[Parameter(
	HelpMessage = "Specifies whether to apply this to the Ethernet and Wi-Fi adapters. The default is `False`. If not, this will only add the DoH capability to the DNS IP addresses."
	)]
	[switch]$ApplyToNetworkDevices
	)

	$nextDnsDeviceName = $null

	if ($UseHostname) {
	$nextDnsDeviceName = [Environment]::MachineName
	}
	if ($DeviceName) {
	$nextDnsDeviceName = $DeviceName
	}

	Write-Host "NextDnsId: $NextDnsId"
	$nextDnsId = $NextDnsId.ToLower()

	Write-Host "nextDnsDeviceName: $nextDnsDeviceName"
	Write-Host "AutoUpgrade: $AutoUpgrade"
	Write-Host "AllowFallbackToUdp: $AllowFallbackToUdp"

	$ipv4Address = @()
	$ipv4Address += "45.90.28.169"
	$ipv4Address += "45.90.30.169"
	# Write-Host ("ipv4Addresses: [" + ($ipv4Address -join ", ") + "]")

	$ipv6AddressPrefix = "2a07:a8c"
	$ipv6Address = @()
	$ipv6Address += $ipv6AddressPrefix + "0::" + $nextDnsId.substring(0, 2) + ":" + $nextDnsId.substring(2, 4)
	$ipv6Address += $ipv6AddressPrefix + "1::" + $nextDnsId.substring(0, 2) + ":" + $nextDnsId.substring(2, 4)
	# Write-Host ("ipv6Addresses: [" + ($ipv6Address -join ", ") + "]")

	$ipAddresses = $ipv4Address + $ipv6Address
	Write-Host ("ipAddresses: [" + ($ipAddresses -join ", ") + "]")

	$dohParts = @("https://dns.nextdns.io")
	$dohParts += $nextDnsId
	if ($nextDnsDeviceName) {
	$dohParts += $nextDnsDeviceName
	}
	$dohTemplate = $dohParts -join "/"
	Write-Host "dohTemplate: $dohTemplate"

	foreach ($ipAddress in $ipAddresses) {
	Write-Host "[$ipAddress]"
	if ((Get-DnsClientDohServerAddress -ServerAddress $ipAddress -ErrorAction SilentlyContinue).ServerAddress -eq $ipAddress) {
	Set-DnsClientDohServerAddress -ServerAddress $ipAddress -DohTemplate $dohTemplate -AutoUpgrade $AutoUpgrade -AllowFallbackToUdp $AllowFallbackToUdp
	}
	else {
	Add-DnsClientDohServerAddress -ServerAddress $ipAddress -DohTemplate $dohTemplate -AutoUpgrade $AutoUpgrade -AllowFallbackToUdp $AllowFallbackToUdp
	}
	}

	if ($ApplyToNetworkDevices) {
	Write-Host "Applying to network devices..."

	$networkDevices = Get-NetIPConfiguration \|
	Where-Object -Property InterfaceAlias -IMatch '^Ethernet\b\|Wi-Fi\b'

	$networkDevices \| ForEach-Object {
	Write-Host "["$_.InterfaceAlias"]"
	}

	$networkDevices \|
	Select-Object -Property InterfaceIndex \|
	Set-DnsClientServerAddress -ServerAddresses ($ipv4Address + $ipv6Address)
	}
	<# Reset DHCP-managed network interfaces to DHCP-issued DNS #>

	Write-Host "Resetting DHCP-enabled network devices back to DHCP sourced DNS..."

	Get-NetIPInterface -Dhcp Enabled \|
	Where-Object -Property InterfaceAlias -IMatch '^Ethernet\b\|Wi-Fi\b' \|
	Get-DnsClientServerAddress \|
	Select-Object -Unique \|
	Sort-Object -Property InterfaceAlias,AddressFamily \|
	ForEach-Object {
	Get-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -AddressFamily $_.AddressFamily \|
	ForEach-Object {
	$interfaceAlias = $_.InterfaceAlias
	$addressFamily = "["+$_.AddressFamily+"]"
	if ($_.AddressFamily -eq 2) {
	$addressFamily = "IPv4"
	} elseif ($_.AddressFamily -eq 23) {
	$addressFamily = "IPv6"
	}
	Write-Host "$addressFamily :: $interfaceAlias"
	$_ \| Set-DnsClientServerAddress -ResetServerAddresses
	}
	}