...
The DohTemplate is referencing the DOH URL. In the URL example below, “fc6ca07a-0b03-45fb-9feb-7694b14fb249" should be replaced with your unique URL per policy.
| Code Block |
|---|
Add-DnsClientDohServerAddress -ServerAddress 52.119.41.200 -DohTemplate https://fc6ca07a-0b03-45fb-9feb-7694b14fb249.doh.threatdefense.infoblox.com/dns-query
|
It will generate an output like this:. Do note that in the URL example below, “fc6ca07a-0b03-45fb-9feb-7694b14fb249" will be replaced with your unique URL per policy.
| Code Block |
|---|
ServerAddress AllowFallbackToUdp AutoUpgrade DohTemplate
------------- ------------------ ----------- -----------
52.119.41.200 False False https://fc6ca07a-0b03-45fb-9feb-7694b14fb249.doh.threatdefense.infoblox.com/dns-query
|
...
You will see all the DOH templates available to use. Scroll until you see the entry for the doh.threatdefense.infoblox.com service. Do note that in the URL example below, “fc6ca07a-0b03-45fb-9feb-7694b14fb249" will be replaced with your unique URL per policy.
| Code Block |
|---|
Encryption settings for 52.119.41.200 ------------- ------------------ ----------- ----------- DNS-over-HTTPS template : https://doh.fc6ca07a-0b03-45fb-9feb-7694b14fb249.threatdefense.infoblox.com/dns-query Auto-upgrade : no UDP-fallback : no |
The Server IP for DOH will be 52.119.41.200 or 103.80.6.200. While we support IPv6 DNS, we don’t have it configured for DOH yet. We encourage you disable IPv6 on the machine to avoid leaking DNS queries.
...
| Code Block |
|---|
$RegistryPath = 'HKLM:\System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\{b8c2ef47-639d-4b00-96f4-b8e3c8a30618}\DohInterfaceSettings\Doh\18552.228119.16841.10200'
$Name = 'DohFlags'
$Value = '1'
# Create the key if it does not exist
If (-NOT (Test-Path $RegistryPath)) {
New-Item -Path $RegistryPath -Force | Out-Null
}
# Now set the value
New-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -PropertyType QWORD -Force
|
...