From ba402bf11e2e1f13d9f33adb6663134c45ce63f9 Mon Sep 17 00:00:00 2001 From: Josh <134442015+Blixxky@users.noreply.github.com> Date: Fri, 12 Sep 2025 13:35:17 -0400 Subject: [PATCH 1/2] Update DNS.bat Changed to Cloudflare with Malware blocking + DoH Added secondary DNS with the same --- DNS.bat | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/DNS.bat b/DNS.bat index 10562e43..0dfd8675 100644 --- a/DNS.bat +++ b/DNS.bat @@ -48,13 +48,22 @@ rem # Enable Cloudflare DNS rem # Disable DNS UDP Fallback rem # Disable Auto-Upgrade (Dynamic DNS / DDNS) rem # V3nilla: https://github.com/shoober420/windows11-scripts/issues/11 -netsh interface ip set dns Wi-Fi static 1.1.1.1 -netsh interface ip set dns Ethernet static 1.1.1.1 -netsh dns add encryption server=1.1.1.1 https://cloudflare-dns.com/dns-query autoupgrade=no udpfallback=no + +rem # Enable Cloudflare DNS with malware blocking and DOH +rem # Set primary DNS for Wi-Fi and Ethernet interfaces +netsh interface ip set dns Wi-Fi static 1.1.1.2 +netsh interface ip set dns Ethernet static 1.1.1.2 +netsh dns add encryption server=1.1.1.2 dohtemplate=https://security.cloudflare-dns.com/dns-query autoupgrade=no udpfallback=no + +rem # Add secondary DNS for Wi-Fi and Ethernet interfaces +netsh interface ip add dns Wi-Fi 1.0.0.2 index=2 +netsh interface ip add dns Ethernet 1.0.0.2 index=2 +netsh dns add encryption server=1.0.0.2 dohtemplate=https://security.cloudflare-dns.com/dns-query autoupgrade=no udpfallback=no + rem # Enable DNS over HTTPS (DoH) reg add "HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" /v "EnableAutoDoh" /t REG_DWORD /d "2" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" /v "EnableDoh" /t REG_DWORD /d "2" /f rem netsh dns set global doh=force -PAUSE \ No newline at end of file +PAUSE From 6cd7abe01585f94bd7681eabf93c071bbb1c46c8 Mon Sep 17 00:00:00 2001 
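Review bot: The new `netsh interface ip set dns` and `add dns` lines address adapters by the fixed names `Wi-Fi` and `Ethernet`, and nothing checks their result. On a machine whose adapters are named differently the commands fail, the previous resolver stays active, and the script still reaches `PAUSE` as if the malware-blocking resolver were in place. I would print the applied state just before `PAUSE`, e.g. `netsh interface ip show dnsservers` followed by `netsh dns show encryption`, so the operator can confirm that 1.1.1.2/1.0.0.2 and the `security.cloudflare-dns.com` template are in effect. Only IPv4 resolvers are set in this hunk; if IPv6 DNS servers are not handled above line 48 (not visible here), lookups can still reach an unfiltered, unencrypted resolver.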
From: Josh <134442015+Blixxky@users.noreply.github.com> Date: Fri, 12 Sep 2025 13:51:58 -0400 Subject: [PATCH 2/2] Update DNS.ps1 Adjusted for Cloudflare with Malware blocking and DoH Added secondary DNS with same Wrote functions for handling adapters --- DNS.ps1 | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 64 insertions(+), 7 deletions(-) diff --git a/DNS.ps1 b/DNS.ps1 index 9be85440..257beb65 100644 --- a/DNS.ps1 +++ b/DNS.ps1 
@@ -4,12 +4,69 @@ # Disable Auto-Upgrade (Dynamic DNS / DDNS) # V3nilla: https://github.com/shoober420/windows11-scripts/issues/11 -$i = Get-NetAdapter -Physical -$i | Get-DnsClientServerAddress -AddressFamily IPv4 | Set-DnsClientServerAddress -ServerAddresses '1.1.1.1' | Add-DnsClientDohServerAddress -ServerAddress 1.1.1.1 -DohTemplate https://cloudflare-dns.com/dns-query -AutoUpgrade $False -AllowFallbackToUdp $False -$i | ForEach-Object { -$s1 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh\1.1.1.1'; New-Item -Path $s1 -Force | New-ItemProperty -Name "DohFlags" -Value 1 -PropertyType Qword -# $s2 = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' + $_.InterfaceGuid + '\DohInterfaceSettings\Doh\1.0.0.1'; New-Item -Path $s2 -Force | New-ItemProperty -Name "DohFlags" -Value 1 -PropertyType Qword +# --- Configuration --- +$PrimaryDns = '1.1.1.2' +$SecondaryDns = '1.0.0.2' +$DohTemplate = 'https://security.cloudflare-dns.com/dns-query' + +function Ensure-DohServer { + param ( + [string]$ServerAddress, + [string]$Template + ) + # Check if the DoH server is already registered system-wide + $existing = Get-DnsClientDohServerAddress -ErrorAction SilentlyContinue | + Where-Object { $_.ServerAddress -eq $ServerAddress } + + if (-not $existing) { + try { + # Register the new DoH server + Add-DnsClientDohServerAddress -ServerAddress $ServerAddress ` + -DohTemplate $Template -AllowFallbackToUdp $false -ErrorAction Stop + Write-Host " -> Registered DoH server $ServerAddress." -ForegroundColor Green + } + catch { + Write-Error "Failed to add DoH server $ServerAddress. Error: $($_.Exception.Message)" + } + } + else { + Write-Host " -> DoH server $ServerAddress already registered." -ForegroundColor Yellow + } +} + +Write-Host "Configuring Cloudflare Malware-Blocking DNS with DoH..." -ForegroundColor Cyan + +# 1. 
Register DoH servers for the system +Ensure-DohServer -ServerAddress $PrimaryDns -Template $DohTemplate +Ensure-DohServer -ServerAddress $SecondaryDns -Template $DohTemplate + +# 2. Find all network adapters that are both physical and currently connected +$activeAdapters = Get-NetAdapter -Physical | Where-Object { $_.Status -eq 'Up' } +if (-not $activeAdapters) { + Write-Warning "No active physical network adapters found to configure." + Read-Host "Press Enter to exit." + return # Exit the script } -Clear-DnsClientCache; -cmd /c 'pause' \ No newline at end of file +Write-Host "`nFound $($activeAdapters.Count) active adapter(s). Applying settings..." + +# 3. Configure each active adapter +foreach ($adapter in $activeAdapters) { + Write-Host " - Configuring '$($adapter.Name)'..." + try { + Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex ` + -ServerAddresses @($PrimaryDns, $SecondaryDns) -ErrorAction Stop + Set-DnsClientInterface -InterfaceIndex $adapter.InterfaceIndex ` + -DnsEncryption 'Require' -ErrorAction Stop + Write-Host " Successfully applied to '$($adapter.Name)'." -ForegroundColor Green + } + catch { + Write-Error "Failed on '$($adapter.Name)': $($_.Exception.Message)" + } +} + +Write-Host "`nClearing DNS cache..." +Clear-DnsClientCache + +Write-Host "`nConfiguration complete." -ForegroundColor Cyan +Read-Host "Press Enter to close this window."
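Review bot: Per-adapter DoH enforcement now depends on `Set-DnsClientInterface ... -DnsEncryption 'Require'`, which I cannot match to a cmdlet in the DnsClient module as I know it; please confirm it resolves on the Windows builds this script targets. If it does not, the `catch` only logs and the resolvers assigned one statement earlier stay in place. Because the removed per-interface `DohFlags` registry write is gone, the adapter may then be left querying 1.1.1.2/1.0.0.2 without encryption while the script still prints "Configuration complete." `Ensure-DohServer` has a related gap: when an entry for the address already exists it returns without comparing `DohTemplate` or `AllowFallbackToUdp`, so a stale entry with a different template or with UDP fallback allowed survives. The sketch below keeps the registry write the old code used, applied to both resolvers, and reports adapters that were not fully configured.

```powershell
$failedAdapters = @()
foreach ($adapter in $activeAdapters) {
    try {
        # … unchanged: Set-DnsClientServerAddress call …
        # Per-server DohFlags entry, as the removed code wrote it, for both resolvers.
        foreach ($server in @($PrimaryDns, $SecondaryDns)) {
            $dohKey = 'HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\' +
                $adapter.InterfaceGuid + '\DohInterfaceSettings\Doh\' + $server
            New-Item -Path $dohKey -Force -ErrorAction Stop |
                New-ItemProperty -Name 'DohFlags' -Value 1 -PropertyType QWord -ErrorAction Stop |
                Out-Null
        }
    }
    catch {
        $failedAdapters += $adapter.Name
        # … unchanged: Write-Error …
    }
}
if ($failedAdapters) {
    Write-Warning "DoH not confirmed on: $($failedAdapters -join ', ')"
}
```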