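After the web authentication passes, the DNS server that gets assigned is a traditional plaintext DNS server on port 53, so using it feels very insecure.
Although HTTPS ensures that the content of the sites I browse is encrypted, which sites I visit is fully exposed through the DNS requests on port 53. So every time the web authentication passes, I have to go into the Windows 11 settings UI, set the DNS manually to 1.1.1.1, and turn on DoH. Clicking through the settings every time gets tiring, so I wrote a small tool that switches with one click and saves a fair amount of time each time.
Here are the scripts:
First, Set-DNS.ps1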
<#
Win11-DoH-Switcher
Copyright (C) 2025 Liu Yu <f78fk@live.com>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
#>
# Require admin privileges
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Host "This script must be run as Administrator!" -ForegroundColor Red
    Start-Sleep 3
    exit
}
# Menu
Write-Host "`n=== DNS Configuration Script ===" -ForegroundColor Cyan
Write-Host "1. Set Cloudflare DNS (1.1.1.1) with STRICT DoH (no UDP fallback)"
Write-Host "2. Reset to DHCP automatic DNS"
Write-Host ""
# Get user choice
$choice = Read-Host "Enter option (1 or 2)"
# Configuration
switch ($choice) {
    "1" {
        # Set Cloudflare DNS
        Set-DnsClientServerAddress -InterfaceAlias "WLAN" -ServerAddresses ("1.1.1.1", "1.0.0.1")
        # Configure DoH with NO FALLBACK
        Set-DnsClientDohServerAddress -ServerAddress "1.1.1.1" `
            -DohTemplate "https://cloudflare-dns.com/dns-query{?dns}" `
            -AllowFallbackToUdp $false `
            -AutoUpgrade $true
        Set-DnsClientDohServerAddress -ServerAddress "1.0.0.1" `
            -DohTemplate "https://cloudflare-dns.com/dns-query{?dns}" `
            -AllowFallbackToUdp $false `
            -AutoUpgrade $true
        Write-Host "`nSuccess! Configured:" -ForegroundColor Green
        Write-Host "- Primary DNS: 1.1.1.1 (DoH enforced)"
        Write-Host "- Secondary DNS: 1.0.0.1 (DoH enforced)"
        Write-Host "- UDP fallback: DISABLED"
    }
    "2" {
        # Reset to DHCP
        Set-DnsClientServerAddress -InterfaceAlias "WLAN" -ResetServerAddresses
        Write-Host "`nSuccess! DNS reset to DHCP automatic configuration" -ForegroundColor Green
    }
    default {
        Write-Host "Invalid selection. Please run again and choose 1 or 2." -ForegroundColor Red
        Start-Sleep 2
        exit
    }
}
# Verify configuration
Write-Host "`n=== Current DNS Settings ===" -ForegroundColor Yellow
Get-DnsClientServerAddress -InterfaceAlias "WLAN" | Format-Table -AutoSize
Write-Host "`n=== DoH Configuration ===" -ForegroundColor Yellow
Get-DnsClientDohServerAddress | Format-Table -AutoSize
# Keep window open
Write-Host ""
Read-Host "Press Enter to exit..."
Next, Set-DNS.bat
@REM Win11-DoH-Switcher
@REM Copyright (C) 2025 Liu Yu <f78fk@live.com>
@REM
@REM This program is free software: you can redistribute it and/or modify
@REM it under the terms of the GNU General Public License as published by
@REM the Free Software Foundation, either version 3 of the License, or
@REM (at your option) any later version.
@REM
@REM This program is distributed in the hope that it will be useful,
@REM but WITHOUT ANY WARRANTY; without even the implied warranty of
@REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@REM GNU General Public License for more details.
@echo off
:: Check admin rights
fltmc >nul 2>&1 && goto :ADMIN
:: Not elevated, create temporary VBS to trigger UAC
echo Requesting administrator privileges...
echo Set UAC = CreateObject("Shell.Application") > "%temp%\RunAsAdmin.vbs"
echo UAC.ShellExecute "%~dpnx0", "", "", "runas", 1 >> "%temp%\RunAsAdmin.vbs"
wscript "%temp%\RunAsAdmin.vbs"
exit /b
:ADMIN
:: Already elevated, run PowerShell script
powershell -ExecutionPolicy Bypass -File "%~dp0Set-DNS.ps1"
pause
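Put the two files in the same directory and double-click Set-DNS.bat. An administrator (UAC) prompt pops up; click Yes to grant the privileges.
Then enter 1 to set the DNS to 1.1.1.1, enable DoH, and forbid fallback to UDP port 53.
After setting it, confirm with ipconfig /all: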
DNS 服务器 . . . . . . . . . . . : 1.1.1.1
DoH: https://cloudflare-dns.com/dns-query{?dns}
1.0.0.1
DoH: https://cloudflare-dns.com/dns-query{?dns}
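DoH is now enabled successfully, so browsing feels much safer.
After leaving the public Wi-Fi, my home gateway is already configured with DoH, so I no longer use Windows 11's DoH. I run the script again,
this time entering 2, to restore DNS to automatic assignment from DHCP.
The interface used in the Set-DNS.ps1 script is [WLAN].
Interface names differ between computers. You can run
netsh interface show interface
to find the name of the Wi-Fi interface.
If the name you find is not [WLAN], replace [WLAN] with your own [interface name].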
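A check that complements the `ipconfig /all` confirmation and the interface-name lookup above, as an added example that is not part of Win11-DoH-Switcher: it finds the connected Wi-Fi adapters itself and reports, for every DNS server configured on them (IPv4 and IPv6), whether a DoH entry with auto-upgrade on and UDP fallback off is registered. `Test-DohEnforced` is a hypothetical helper name, and matching Wi-Fi adapters by `PhysicalMediaType` 'Native 802.11' is an assumption.

```powershell
# Added example, not part of Win11-DoH-Switcher.
# Test-DohEnforced is a hypothetical helper name.
function Test-DohEnforced {
    param(
        # Interface alias(es) to check; defaults to every connected Wi-Fi adapter.
        [string[]]$InterfaceAlias
    )

    if (-not $InterfaceAlias) {
        # Assumption: Wi-Fi adapters report PhysicalMediaType 'Native 802.11'.
        $InterfaceAlias = @(Get-NetAdapter -Physical |
            Where-Object { $_.Status -eq 'Up' -and $_.PhysicalMediaType -eq 'Native 802.11' } |
            Select-Object -ExpandProperty Name)
    }

    # Index the registered DoH servers by IP address.
    $doh = @{}
    Get-DnsClientDohServerAddress | ForEach-Object { $doh[$_.ServerAddress] = $_ }

    foreach ($alias in $InterfaceAlias) {
        # No -AddressFamily filter, so IPv4 and IPv6 resolvers are both listed.
        foreach ($entry in Get-DnsClientServerAddress -InterfaceAlias $alias) {
            foreach ($server in $entry.ServerAddresses) {
                $reg = $doh[$server]
                [pscustomobject]@{
                    Interface   = $alias
                    Server      = $server
                    DohTemplate = if ($reg) { $reg.DohTemplate } else { $null }
                    # Encrypted only if DoH is auto-upgraded and cannot fall back to UDP 53.
                    Encrypted   = [bool]($reg -and $reg.AutoUpgrade -and -not $reg.AllowFallbackToUdp)
                }
            }
        }
    }
}

$results = @(Test-DohEnforced)
$results | Format-Table -AutoSize

# Any row with Encrypted = False is a resolver that can still be queried in plaintext.
$plain = @($results | Where-Object { -not $_.Encrypted })
if ($plain.Count -gt 0) {
    Write-Warning ("Plaintext-capable DNS servers: " + ($plain.Server -join ', '))
}
```

Option 1 of Set-DNS.ps1 passes only IPv4 addresses to Set-DnsClientServerAddress, so any IPv6 resolver still present on the interface appears here as its own row with Encrypted set to False.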
GitHub repository:
https://github.com/liuyuf78fk/Win11-DoH-Switcher.git