Skip to content

Instantly share code, notes, and snippets.

@krcm0209
Last active October 31, 2024 19:06
Show Gist options
  • Save krcm0209/2d8ceb00ebf5b6113d920b8120913c02 to your computer and use it in GitHub Desktop.
Save krcm0209/2d8ceb00ebf5b6113d920b8120913c02 to your computer and use it in GitHub Desktop.
Using AdGuard DNS over HTTPS (DoH) on Windows 11

Why

You may want to use AdGuard's DNS over HTTPS1 service if you

  1. Want to make it harder for your ISP to know what websites you are requesting
  2. Want to block most traditional ads from your web browsing experience across your entire PC

Setup instructions

  1. Open PowerShell Step 1
  2. Add the primary and secondary AdGuard DNS IPv4 and IPv6 addresses2
    netsh dns add encryption server=94.140.14.14 dohtemplate=https://dns.adguard.com/dns-query autoupgrade=yes udpfallback=no
    netsh dns add encryption server=94.140.15.15 dohtemplate=https://dns.adguard.com/dns-query autoupgrade=yes udpfallback=no
    netsh dns add encryption server=2a10:50c0::ad1:ff dohtemplate=https://dns.adguard.com/dns-query autoupgrade=yes udpfallback=no
    netsh dns add encryption server=2a10:50c0::ad2:ff dohtemplate=https://dns.adguard.com/dns-query autoupgrade=yes udpfallback=no
    
  3. Verify addition of DNS options netsh dns show encryption
    Encryption settings for 94.140.15.15
    ----------------------------------------------------------------------
    DNS-over-HTTPS template     : https://dns.adguard.com/dns-query
    Auto-upgrade                : yes
    UDP-fallback                : no
    
    Encryption settings for 94.140.14.14
    ----------------------------------------------------------------------
    DNS-over-HTTPS template     : https://dns.adguard.com/dns-query
    Auto-upgrade                : yes
    UDP-fallback                : no
    
    Encryption settings for 2a10:50c0::ad1:ff
    ----------------------------------------------------------------------
    DNS-over-HTTPS template     : https://dns.adguard.com/dns-query
    Auto-upgrade                : yes
    UDP-fallback                : no
    
    Encryption settings for 2a10:50c0::ad2:ff
    ----------------------------------------------------------------------
    DNS-over-HTTPS template     : https://dns.adguard.com/dns-query
    Auto-upgrade                : yes
    UDP-fallback                : no
    
    • If you don't see the new DNS options, you may need to run PowerShell with administrator priviledges
  4. Open Settings > Network & internet > Wi-Fi > Hardware properties Step 4
  5. Click the "Edit" button in the DNS servers block Step 5
  6. Change the dropdown setting from "Automatic (DHCP)" to "Manual" Step 6
  7. Ensure both IPv4 and IPv6 are toggled on Step 7
  8. Under IPv4, enter 94.140.14.14 for the Preferred DNS, and 94.140.15.15 for the Alternate DNS Step 8
  9. Under IPv6, enter 2a10:50c0::ad1:ff for the Preferred DNS, and 2a10:50c0::ad2:ff for the Alternate DNS Step 9
  10. Ensure all of the DNS encryption dropdowns are set to "Encrypted only (DNS over HTTPS)" Step 10
  11. Click "Save" Step 11

Footnotes

  1. https://en.wikipedia.org/wiki/DNS_over_HTTPS

  2. https://kb.adguard.com/en/general/dns-providers#adguard-dns

@hideandseekstheorder
Copy link

thanks

@Vishalrana7
Copy link

Hi I have only go option in DNS over HTTPS
1.ON (automatic template)
2.ON (manual template)
3.OFF

@hansen033
Copy link

They updated their address to dns.adguard-dns.com to avoid blockage last year. If you encounter any issue, give it a try.

@Vishalrana7
Copy link

I selected for ON(automatic template) it fills the address and everything is working fine as of now

@miraclemenikelechi
Copy link

They updated their address to dns.adguard-dns.com to avoid blockage last year. If you encounter any issue, give it a try.

they did change addresses for ipv4 and ipv6 as from this blog post by adguard themselves. however the hostnames are still the same. the you have referred to here is the former that still works and the latest is the one from the author of this gist.
image

@hideandseekstheorder
Copy link

can u update this change?, i think its not work on windows 10
image

@dan-i-welcome
Copy link

dan-i-welcome commented Apr 2, 2024

can u update this change?, i think its not work on windows 10 image

@hideandseekstheorder use the "COMMAND PROMPT" app, not the "power shell" app, then it will work in "command prompt".

@katastrophe92
Copy link

Hello y'all. Here is as 1 command instead of doing it one by one. Run as administrator PowerShell or CMD.
netsh dns add encryption server=94.140.14.14 dohtemplate=https://dns.adguard.com/dns-query autoupgrade=yes udpfallback=no && netsh dns add encryption server=94.140.15.15 dohtemplate=https://dns.adguard.com/dns-query autoupgrade=yes udpfallback=no && netsh dns add encryption server=2a10:50c0::ad1:ff dohtemplate=https://dns.adguard.com/dns-query autoupgrade=yes udpfallback=no && netsh dns add encryption server=2a10:50c0::ad2:ff dohtemplate=https://dns.adguard.com/dns-query autoupgrade=yes udpfallback=no

@yecarrillo
Copy link

yecarrillo commented May 5, 2024

This can be done with PowerShell commands exclusively.

Get-DnsClientDohServerAddress
Add-DnsClientDohServerAddress -ServerAddress '94.140.14.14' -DohTemplate 'https://dns.adguard.com/dns-query' -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress '94.140.15.15' -DohTemplate 'https://dns.adguard.com/dns-query' -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress '2a10:50c0::ad1:ff' -DohTemplate 'https://dns.adguard.com/dns-query' -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress '2a10:50c0::ad2:ff' -DohTemplate 'https://dns.adguard.com/dns-query' -AllowFallbackToUdp $False -AutoUpgrade $True
Get-DnsClientDohServerAddress

Set-DnsClientServerAddress -InterfaceAlias "Wi-fi" -ResetServerAddresses
Set-DnsClientServerAddress -InterfaceAlias "Wi-fi" -ServerAddresses ("94.140.14.14","94.140.15.15")
Set-DnsClientServerAddress -InterfaceAlias "Wi-fi" –ServerAddresses ("2a10:50c0::ad1:ff","2a10:50c0::ad2:ff")

Invoke-Expression "New-Item -Path 'Registry::HKLM:\System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\$((Get-Netadapter -Name 'Wi-Fi').InterfaceGuid.ToLower())\DohInterfaceSettings\Doh\94.140.14.14' -Force"
Invoke-Expression "New-ItemProperty -Path 'Registry::HKLM:\System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\$((Get-Netadapter -Name 'Wi-Fi').InterfaceGuid.ToLower())\DohInterfaceSettings\Doh\94.140.14.14' -Name 'DohFlags' -Value 1 -PropertyType QWORD -Force"
Invoke-Expression "New-Item -Path 'Registry::HKLM:\System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\$((Get-Netadapter -Name 'Wi-Fi').InterfaceGuid.ToLower())\DohInterfaceSettings\Doh\94.140.15.15' -Force"
Invoke-Expression "New-ItemProperty -Path 'Registry::HKLM:\System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\$((Get-Netadapter -Name 'Wi-Fi').InterfaceGuid.ToLower())\DohInterfaceSettings\Doh\94.140.15.15' -Name 'DohFlags' -Value 1 -PropertyType QWORD -Force"

Invoke-Expression "New-Item -Path 'Registry::HKLM:\System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\$((Get-Netadapter -Name 'Wi-Fi').InterfaceGuid.ToLower())\DohInterfaceSettings\Doh6\2a10:50c0::ad1:ff' -Force"
Invoke-Expression "New-ItemProperty -Path 'Registry::HKLM:\System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\$((Get-Netadapter -Name 'Wi-Fi').InterfaceGuid.ToLower())\DohInterfaceSettings\Doh6\2a10:50c0::ad1:ff' -Name 'DohFlags' -Value 1 -PropertyType QWORD -Force"
Invoke-Expression "New-Item -Path 'Registry::HKLM:\System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\$((Get-Netadapter -Name 'Wi-Fi').InterfaceGuid.ToLower())\DohInterfaceSettings\Doh6\2a10:50c0::ad2:ff' -Force"
Invoke-Expression "New-ItemProperty -Path 'Registry::HKLM:\System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\$((Get-Netadapter -Name 'Wi-Fi').InterfaceGuid.ToLower())\DohInterfaceSettings\Doh6\2a10:50c0::ad2:ff' -Name 'DohFlags' -Value 1 -PropertyType QWORD -Force"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment