使用工具:
Windows Package Manager
稳定版:
winget install Nextcloud.TalkBeta版本:
winget install Nextcloud.Talk.Beta
2025年5月31日星期六
Windows11 安装和更新 Nextcloud.Talk
使用工具:
稳定版:
我的网站在全球公共DNS服务器的命中情况
duckdns的权威DNS离我这里太远,而且TTL只有60,
所以每次从全球的各种递归DNS服务器上解析,基本上都会去权威DNS跑一圈,来回延迟基本2秒以上,所以经常遇到打开网站非常慢。
最近使用了一些办法,能尽量让全球公共DNS缓存我的域名,下面查询一下全球公共DNS服务器的命中情况。
Enter the domain to test (e.g., jpliuyu.duckdns.org): jpliuyu.duckdns.org
=== Starting DNS latency test for: jpliuyu.duckdns.org ===
Testing DNS: Google 1 (8.8.8.8) ... 4478.01 ms
Testing DNS: Google 2 (8.8.4.4) ... 201.68 ms
Testing DNS: Cloudflare 1 (1.1.1.1) ... 213.46 ms
Testing DNS: Cloudflare 2 (1.0.0.1) ... 215.34 ms
Testing DNS: OpenDNS 1 (208.67.222.222) ... 186.3 ms
Testing DNS: OpenDNS 2 (208.67.220.220) ... 182.39 ms
Testing DNS: Quad9 1 (9.9.9.9) ... 242.02 ms
Testing DNS: Quad9 2 (149.112.112.112) ... 224.78 ms
Testing DNS: Level3 1 (4.2.2.1) ... 374.39 ms
Testing DNS: Level3 2 (4.2.2.2) ... 20.75 ms
Testing DNS: Comodo (8.26.56.26) ... 469.87 ms
Testing DNS: Neustar (156.154.70.1) ... 383.28 ms
Testing DNS: Verisign (64.6.64.6) ... 416.65 ms
Testing DNS: AliDNS 1 (223.5.5.5) ... 70.85 ms
Testing DNS: AliDNS 2 (223.6.6.6) ... 72.95 ms
Testing DNS: 114DNS 1 (114.114.114.114) ... 87.18 ms
Testing DNS: 114DNS 2 (114.114.115.115) ... 86.96 ms
Testing DNS: DNSPod 1 (119.29.29.29) ... 546.04 ms
Testing DNS: DNSPod 2 (182.254.116.116) ... 530.33 ms
Testing DNS: 360DNS (101.226.4.6) ... 11083.51 ms
Testing DNS: CNNIC 1 (1.2.4.8) ... 706.79 ms
Testing DNS: CNNIC 2 (210.2.4.8) ... 206.09 ms
Testing DNS: Dnspai 1 (101.226.4.6) ... 239.48 ms
Testing DNS: Dnspai 2 (218.30.118.6) ... 568.99 ms
Testing DNS: Baidu (180.76.76.76) ... 439.85 ms
Testing DNS: Yandex DNS (77.88.8.8) ... 592.82 ms
Testing DNS: CleanBrowsing (185.228.168.9) ... 209.81 ms
Testing DNS: SafeDNS (195.46.39.39) ... 478.73 ms
Testing DNS: AdGuard 1 (94.140.14.14) ... 407.36 ms
Testing DNS: AdGuard 2 (94.140.15.15) ... 21.09 ms
Testing DNS: NTT DNS (129.250.35.250) ... 194.7 ms
Testing DNS: Korea KT (168.126.63.1) ... 300.4 ms
Testing DNS: Taiwan Hinet (168.95.1.1) ... 271.81 ms
Press Enter to test again, type 'r' to test a different domain, or type 'q' or 'exit' to quit:
从结果可以看出来 DNS: Google 1 (8.8.8.8) 没有命中,4秒的时间是跑权威DNS查询了,360DNS (101.226.4.6) 花了11秒, 也没有命中,其余的都命中了,这个速度比起跑去权威DNS查一次2秒以上的时间来说是非常满意了。
尤其是Level3 2 (4.2.2.2) 和 AdGuard 2 (94.140.15.15) 只用了20ms,绝对是缓存命中了。
查询工具下载:
https://github.com/liuyuf78fk/DNSLatencyTester.git
2025年5月30日星期五
tar 压缩和解压
tar.gz压缩
tar -czvf my.tar.gz 文件夹名
| 参数 | 含义 |
|---|---|
-c |
create:创建一个新的归档文件 |
-z |
gzip:通过 gzip 压缩 |
-v |
verbose:在终端显示打包过程(显示每个文件) |
-f |
file:指定归档文件名(必须紧跟文件名) |
tar.gz解压
tar -xzvf my.tar.gz
| 参数 | 含义 |
|---|---|
-x |
extract:解包归档文件 |
-z |
gzip:通过 gzip 解压缩 |
-v |
verbose:显示解压过程 |
-f |
file:指定归档文件名(必须紧跟文件名) |
如果是 .bz2 或 .xz 的文件,则:
-
用
-j替代-z(.tar.bz2) -
用
-J替代-z(.tar.xz)
PowerShell 7查询DNS方法
#使用默认DNS服务器查询
#仅返回IP
# 查询特定记录类型(MX/TXT等)
#测试DNS解析时间(类似dig的查询时间统计)
#批量测试多个DNS服务器
$servers = @(
# Cloudflare
"1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001",
# Google
"8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844",
# Quad9 (安全DNS)
"9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9",
# OpenDNS
"208.67.222.222", "208.67.220.220", "2620:119:35::35", "2620:119:53::53",
# 中国-阿里DNS
"223.5.5.5", "223.6.6.6", "2400:3200::1", "2400:3200:baba::1",
# 中国-腾讯DNS
"119.29.29.29", "182.254.116.116", "2402:4e00::",
# 中国-百度DNS
"180.76.76.76",
# 中国-114DNS
"114.114.114.114", "114.114.115.115",
# 日本-SB DNS
"210.175.32.32", "210.175.32.33",
# 韩国-KT DNS
"168.126.63.1", "168.126.63.2", "2001:2e8:1c0:1::1",
# 新加坡-Singtel
"165.21.100.88", "165.21.83.88",
# 印度-TATA Communications
"202.138.120.86", "202.138.120.6",
# 美国-Verisign
"64.6.64.6", "64.6.65.6", "2620:74:1b::1:1",
# 美国-Comodo Secure DNS
"8.26.56.26", "8.20.247.20",
# 加拿大-Shaw Communications
"64.59.144.16", "64.59.144.32",
# 德国-DNSCrypt
"176.103.130.130", "176.103.130.131", "2a00:5a60::ad1:0ff",
# 瑞士-Swisscom
"195.186.1.110", "195.186.4.110",
# 英国-NIC
"194.168.4.100", "194.168.8.100",
# AdGuard
"94.140.14.14", "94.140.15.15", "2a10:50c0::ad1:ff", "2a10:50c0::ad2:ff",
# CleanBrowsing (家庭过滤)
"185.228.168.168", "185.228.169.168",
# ControlD
"76.76.2.0", "76.76.10.0",
# NextDNS
"45.90.28.0", "45.90.30.0", "2a07:a8c0::", "2a07:a8c1::"
)
$domain = "jpliuyu.duckdns.org"
foreach ($server in $servers) {
$time = Measure-Command {
Resolve-DnsName $domain -Server $server -ErrorAction SilentlyContinue
} | Select-Object -ExpandProperty TotalMilliseconds
Write-Output "$server responded in $time ms"
}
Resolve-DnsName jpliuyu.duckdns.org
#指定DNS服务器查询
Resolve-DnsName jpliuyu.duckdns.org -Server 1.1.1.1
Resolve-DnsName jpliuyu.duckdns.org | Select-Object -ExpandProperty IPAddress
# 查询特定记录类型(MX/TXT等)
Resolve-DnsName jpliuyu.duckdns.org -Type MX
Resolve-DnsName jpliuyu.duckdns.org -Type TXT
#测试DNS解析时间(类似dig的查询时间统计)
Measure-Command { Resolve-DnsName jpliuyu.duckdns.org -Server 8.8.8.8 } | Select-Object TotalMilliseconds
$servers = @(
# Cloudflare
"1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001",
"8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844",
# Quad9 (安全DNS)
"9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9",
# OpenDNS
"208.67.222.222", "208.67.220.220", "2620:119:35::35", "2620:119:53::53",
# 中国-阿里DNS
"223.5.5.5", "223.6.6.6", "2400:3200::1", "2400:3200:baba::1",
# 中国-腾讯DNS
"119.29.29.29", "182.254.116.116", "2402:4e00::",
# 中国-百度DNS
"180.76.76.76",
# 中国-114DNS
"114.114.114.114", "114.114.115.115",
# 日本-SB DNS
"210.175.32.32", "210.175.32.33",
# 韩国-KT DNS
"168.126.63.1", "168.126.63.2", "2001:2e8:1c0:1::1",
# 新加坡-Singtel
"165.21.100.88", "165.21.83.88",
# 印度-TATA Communications
"202.138.120.86", "202.138.120.6",
# 美国-Verisign
"64.6.64.6", "64.6.65.6", "2620:74:1b::1:1",
# 美国-Comodo Secure DNS
"8.26.56.26", "8.20.247.20",
# 加拿大-Shaw Communications
"64.59.144.16", "64.59.144.32",
# 德国-DNSCrypt
"176.103.130.130", "176.103.130.131", "2a00:5a60::ad1:0ff",
# 瑞士-Swisscom
"195.186.1.110", "195.186.4.110",
# 英国-NIC
"194.168.4.100", "194.168.8.100",
# AdGuard
"94.140.14.14", "94.140.15.15", "2a10:50c0::ad1:ff", "2a10:50c0::ad2:ff",
# CleanBrowsing (家庭过滤)
"185.228.168.168", "185.228.169.168",
# ControlD
"76.76.2.0", "76.76.10.0",
# NextDNS
"45.90.28.0", "45.90.30.0", "2a07:a8c0::", "2a07:a8c1::"
)
$domain = "jpliuyu.duckdns.org"
foreach ($server in $servers) {
$time = Measure-Command {
Resolve-DnsName $domain -Server $server -ErrorAction SilentlyContinue
} | Select-Object -ExpandProperty TotalMilliseconds
Write-Output "$server responded in $time ms"
}
2025年5月29日星期四
Outlook邮箱去广告
屏蔽Outlook App广告的方法:
OpenWrt版本的 SmartDNS 服务器:
常规设置-域名屏蔽-域名列表
填入域名
outlookads.live.com
即可屏蔽。
-----------------------------------------------------
Linux标准版的SmartDNS 服务器:
修改 /etc/smartdns/smartdns.conf
添加下面一行解析到NXDOMAIN
address /outlookads.live.com/#
即可屏蔽。
2025年5月28日星期三
Win11释放IP,重新申请IP
PowerShell:
ipconfig /release | Out-Null; Start-Sleep -Seconds 1; ipconfig /renew; ipconfig /all
2025年5月27日星期二
20250816 更新: 红米AX6 OpenWrt NSS固件
20250816 更新: redmi_ax6_20250810 Latest
What's New
1 Added kmod-nf-tproxy
2 Added kmod-nft-tproxy
3 Added kmod-tcp-bbr
20250807 更新: redmi_ax6_20250807
What's New
1 Upgraded to Linux kernel 6.12.41
2 Minor stability improvements
20250720 更新: redmi_ax6_20250720
1 Removed dnsmasq, replaced with Kea DHCP + BIND2 Integrated latest BIND 9.20.11 (authoritative & recursive DNS)
3 Integrated Kea DHCP 2.6.4 (modern DHCP server)
4 Kea DHCP-DDNS enabled by default
5 Qualcomm NSS hardware acceleration enabled
6 Linux kernel 6.12.35 for enhanced device support
7 APK package manager replaces opkg
20250503 更新:redmi_ax6_20250503
更新了 ath11k nss驱动
提升系统稳定性
删除了一些没用的包
WIFI默认国家代码为CN,5Ghz 频宽默认40Mhz
20250430 更新:
redmi_ax6_20250430 Latest
集成 SmartDNS
集成了v2rayA
集成 中文语言包
默认开启 Wi-Fi (SSID: f78fk, password: 12345678)
内核 6.6.86
支持NSS硬件加速
以太网 NSS启用
WIFI NSS启用
实测 WAN->WIFI 跑满以太网950Mbps,CPU占用不超过1%
ath11k 驱动在 Linux 6.xx已经很成熟了,实测和QSDK基本没什么太大的区别,160Mhz也完美支持。
更新了 ath11k nss驱动
提升系统稳定性
删除了一些没用的包
WIFI默认国家代码为CN,5Ghz 频宽默认40Mhz
20250430 更新:
redmi_ax6_20250430 Latest
集成 SmartDNS
集成了v2rayA
集成 中文语言包
默认开启 Wi-Fi (SSID: f78fk, password: 12345678)
内核 6.6.86
支持NSS硬件加速
以太网 NSS启用
WIFI NSS启用
实测 WAN->WIFI 跑满以太网950Mbps,CPU占用不超过1%
ath11k 驱动在 Linux 6.xx已经很成熟了,实测和QSDK基本没什么太大的区别,160Mhz也完美支持。
刷机方法:
1 ,从官方openwrt固件的备份与升级,刷写固件,不保留配置即可。
2 ,如果是QSDK(非官方分区),需要先刷回openwrt官方版(原厂分区)后,按照方法1刷写即可。
QSDK大分区切换回原厂分区的方法:
redmi_ax6 官方mibib
https://drive.google.com/file/d/1CjCiicChz1vtINaaJphfbOVVPINqyoTc/view?usp=sharing
1 ,从官方openwrt固件的备份与升级,刷写固件,不保留配置即可。
2 ,如果是QSDK(非官方分区),需要先刷回openwrt官方版(原厂分区)后,按照方法1刷写即可。
QSDK大分区切换回原厂分区的方法:
ssh上传红米AX6官方原厂mibib到tmp目录
依次输入3行命令
依次输入3行命令
--------------------------------------------------------------
mtd erase /dev/mtd1
mtd write /tmp/mibib.bin /dev/mtd1
reboot
--------------------------------------------------------------
mtd write /tmp/mibib.bin /dev/mtd1
reboot
--------------------------------------------------------------
长按复位键,插电后等待10秒松开
手动设置IP地址为
192.168.1.2 255.255.255.0
Firefox访问
192.168.1.1
即可进入uboot界面刷固件
手动设置IP地址为
192.168.1.2 255.255.255.0
Firefox访问
192.168.1.1
即可进入uboot界面刷固件
https://drive.google.com/file/d/1CjCiicChz1vtINaaJphfbOVVPINqyoTc/view?usp=sharing
Ubuntu24.04 服务器防火墙配置记录
今天家里的服务器,SSH在日本可以成功访问,
在中国的内网中却访问不了。
查看下防火墙配置
sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 43M packets, 81G bytes)
pkts bytes target prot opt in out source destination0 0 ACCEPT 6 -- * * 192.168.3.223 0.0.0.0/0 tcp dpt:8888
34623 2312K ACCEPT 6 -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 -m geoip --source-country CN,JP
385 17628 DROP 6 -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 -m geoip ! --source-country CN,JP
0 0 ACCEPT 6 -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888
Chain FORWARD (policy ACCEPT 27M packets, 23G bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 40M packets, 71G bytes)
pkts bytes target prot opt in out source destination
root@linux:~#
想起来之前配置了防火墙规则,允许CN和JP的IP访问,并且只允许了内网的192.168.3.223一台主机访问。
这下好办了,把192.168.3.0/24整个子网全部允许
sudo iptables -I INPUT -p tcp -s 192.168.3.0/24 --dport 8888 -j ACCEPT
root@linux:~# sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 43M packets, 81G bytes)
pkts bytes target prot opt in out source destination
38 7792 ACCEPT 6 -- * * 192.168.3.0/24 0.0.0.0/0 tcp dpt:8888
0 0 ACCEPT 6 -- * * 192.168.3.223 0.0.0.0/0 tcp dpt:8888
34629 2312K ACCEPT 6 -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 -m geoip --source-country CN,JP
385 17628 DROP 6 -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 -m geoip ! --source-country CN,JP
0 0 ACCEPT 6 -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888
Chain FORWARD (policy ACCEPT 27M packets, 23G bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 40M packets, 71G bytes)
pkts bytes target prot opt in out source destination
root@linux:~#
sudo netfilter-persistent save
测试,内网的另外一台电脑SSH成功登录。
对了,把以前那条老的规则应该删掉
sudo iptables -D INPUT -p tcp -s 192.168.3.223 --dport 8888 -j ACCEPT
sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 43M packets, 82G bytes)
pkts bytes target prot opt in out source destination
44 8176 ACCEPT 6 -- * * 192.168.3.0/24 0.0.0.0/0 tcp dpt:8888
34662 2315K ACCEPT 6 -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 -m ge oip --source-country CN,JP
385 17628 DROP 6 -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 -m ge oip ! --source-country CN,JP
0 0 ACCEPT 6 -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888
Chain FORWARD (policy ACCEPT 27M packets, 23G bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 40M packets, 71G bytes)
pkts bytes target prot opt in out source destination
root@linux:~#
成功,保存。
sudo netfilter-persistent save
修复Win11无法使用winget的问题
PowerShell 运行winget提示找不到命令,
修复方法:
1 管理员权限PowerShell 执行
修复方法:
1 管理员权限PowerShell 执行
Install-Module -Name Microsoft.WinGet.Client -Force2 管理员权限PowerShell 执行
Repair-WinGetPackageManager
2025年5月25日星期日
Windows 11 一键切换加密DNS (DoH)
最近经常使用公共热点,比如咖啡厅,麦当劳提供的WIFI,无加密,WEB认证。
成功开启了DoH,这样上网就安心多了。
离开公共WIFI后,因为家里网关已经设置了Doh,不再使用Win11的DoH,所以再次运行脚本
这次输入2,恢复DNS为从DHCP自动获取。
Set-DNS.ps1脚本里的接口使用的是[WLAN]
不同的电脑接口的名字不同,可以通过
认证通过后分配的DNS是传统的53端口明文DNS服务器,所以用着就感觉非常不安全,
虽说https能保证了浏览网站的内容是加密的,但是我访问了哪些网站,通过53端口的DNS请求全部暴露了出去,所以每次WEB认证通过,我都要手动在WIN11的界面上,设置手动DNS,1.1.1.1,并且开启DoH,每次都这样点击设置就感觉手太累了,不如写个小工具,一键切换,每次都能省了不少时间。
直接贴脚本内容吧:
首先Set-DNS.ps1
<#
Win11-DoH-Switcher
Copyright (C) 2025 Liu Yu <f78fk@live.com>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
#>
# Require admin privileges
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
Write-Host "This script must be run as Administrator!" -ForegroundColor Red
Start-Sleep 3
exit
}
# Menu
Write-Host "`n=== DNS Configuration Script ===" -ForegroundColor Cyan
Write-Host "1. Set Cloudflare DNS (1.1.1.1) with STRICT DoH (no UDP fallback)"
Write-Host "2. Reset to DHCP automatic DNS"
Write-Host ""
虽说https能保证了浏览网站的内容是加密的,但是我访问了哪些网站,通过53端口的DNS请求全部暴露了出去,所以每次WEB认证通过,我都要手动在WIN11的界面上,设置手动DNS,1.1.1.1,并且开启DoH,每次都这样点击设置就感觉手太累了,不如写个小工具,一键切换,每次都能省了不少时间。
直接贴脚本内容吧:
首先Set-DNS.ps1
<#
Win11-DoH-Switcher
Copyright (C) 2025 Liu Yu <f78fk@live.com>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
#>
# Require admin privileges
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
Write-Host "This script must be run as Administrator!" -ForegroundColor Red
Start-Sleep 3
exit
}
# Menu
Write-Host "`n=== DNS Configuration Script ===" -ForegroundColor Cyan
Write-Host "1. Set Cloudflare DNS (1.1.1.1) with STRICT DoH (no UDP fallback)"
Write-Host "2. Reset to DHCP automatic DNS"
Write-Host ""
# Get user choice
$choice = Read-Host "Enter option (1 or 2)"
# Configuration
switch ($choice) {
"1" {
# Set Cloudflare DNS
Set-DnsClientServerAddress -InterfaceAlias "WLAN" -ServerAddresses ("1.1.1.1", "1.0.0.1")
# Configure DoH with NO FALLBACK
Set-DnsClientDohServerAddress -ServerAddress "1.1.1.1" `
-DohTemplate "https://cloudflare-dns.com/dns-query{?dns}" `
-AllowFallbackToUdp $false `
-AutoUpgrade $true
Set-DnsClientDohServerAddress -ServerAddress "1.0.0.1" `
-DohTemplate "https://cloudflare-dns.com/dns-query{?dns}" `
-AllowFallbackToUdp $false `
-AutoUpgrade $true
Write-Host "`nSuccess! Configured:" -ForegroundColor Green
Write-Host "- Primary DNS: 1.1.1.1 (DoH enforced)"
Write-Host "- Secondary DNS: 1.0.0.1 (DoH enforced)"
Write-Host "- UDP fallback: DISABLED"
}
"2" {
# Reset to DHCP
Set-DnsClientServerAddress -InterfaceAlias "WLAN" -ResetServerAddresses
Write-Host "`nSuccess! DNS reset to DHCP automatic configuration" -ForegroundColor Green
}
default {
Write-Host "Invalid selection. Please run again and choose 1 or 2." -ForegroundColor Red
Start-Sleep 2
exit
}
}
# Verify configuration
Write-Host "`n=== Current DNS Settings ===" -ForegroundColor Yellow
Get-DnsClientServerAddress -InterfaceAlias "WLAN" | Format-Table -AutoSize
Write-Host "`n=== DoH Configuration ===" -ForegroundColor Yellow
Get-DnsClientDohServerAddress | Format-Table -AutoSize
# Keep window open
Write-Host ""
Read-Host "Press Enter to exit..."
然后是Set-DNS.bat
@REM Win11-DoH-Switcher
@REM Copyright (C) 2025 Liu Yu <f78fk@live.com>
@REM
@REM This program is free software: you can redistribute it and/or modify
@REM it under the terms of the GNU General Public License as published by
@REM the Free Software Foundation, either version 3 of the License, or
@REM (at your option) any later version.
@REM
@REM This program is distributed in the hope that it will be useful,
@REM but WITHOUT ANY WARRANTY; without even the implied warranty of
@REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@REM GNU General Public License for more details.
@echo off
:: Check admin rights
fltmc >nul 2>&1 && goto :ADMIN
:: Not elevated, create temporary VBS to trigger UAC
echo Requesting administrator privileges...
echo Set UAC = CreateObject("Shell.Application") > "%temp%\RunAsAdmin.vbs"
echo UAC.ShellExecute "%~dpnx0", "", "", "runas", 1 >> "%temp%\RunAsAdmin.vbs"
wscript "%temp%\RunAsAdmin.vbs"
exit /b
:ADMIN
:: Already elevated, run PowerShell script
powershell -ExecutionPolicy Bypass -File "%~dp0Set-DNS.ps1"
pause
两个文件放同一个目录,双击Set-DNS.bat,弹出超级管理员请求,点击是赋予权限,
然后输入1,设置1.1.1.1 DNS, 并且开启DoH,禁止回退到UDP53端口,
设置后ipconfig /all 确认
DNS 服务器 . . . . . . . . . . . : 1.1.1.1
DoH: https://cloudflare-dns.com/dns-query{?dns}
1.0.0.1
DoH: https://cloudflare-dns.com/dns-query{?dns}
$choice = Read-Host "Enter option (1 or 2)"
# Configuration
switch ($choice) {
"1" {
# Set Cloudflare DNS
Set-DnsClientServerAddress -InterfaceAlias "WLAN" -ServerAddresses ("1.1.1.1", "1.0.0.1")
# Configure DoH with NO FALLBACK
Set-DnsClientDohServerAddress -ServerAddress "1.1.1.1" `
-DohTemplate "https://cloudflare-dns.com/dns-query{?dns}" `
-AllowFallbackToUdp $false `
-AutoUpgrade $true
Set-DnsClientDohServerAddress -ServerAddress "1.0.0.1" `
-DohTemplate "https://cloudflare-dns.com/dns-query{?dns}" `
-AllowFallbackToUdp $false `
-AutoUpgrade $true
Write-Host "`nSuccess! Configured:" -ForegroundColor Green
Write-Host "- Primary DNS: 1.1.1.1 (DoH enforced)"
Write-Host "- Secondary DNS: 1.0.0.1 (DoH enforced)"
Write-Host "- UDP fallback: DISABLED"
}
"2" {
# Reset to DHCP
Set-DnsClientServerAddress -InterfaceAlias "WLAN" -ResetServerAddresses
Write-Host "`nSuccess! DNS reset to DHCP automatic configuration" -ForegroundColor Green
}
default {
Write-Host "Invalid selection. Please run again and choose 1 or 2." -ForegroundColor Red
Start-Sleep 2
exit
}
}
# Verify configuration
Write-Host "`n=== Current DNS Settings ===" -ForegroundColor Yellow
Get-DnsClientServerAddress -InterfaceAlias "WLAN" | Format-Table -AutoSize
Write-Host "`n=== DoH Configuration ===" -ForegroundColor Yellow
Get-DnsClientDohServerAddress | Format-Table -AutoSize
# Keep window open
Write-Host ""
Read-Host "Press Enter to exit..."
然后是Set-DNS.bat
@REM Win11-DoH-Switcher
@REM Copyright (C) 2025 Liu Yu <f78fk@live.com>
@REM
@REM This program is free software: you can redistribute it and/or modify
@REM it under the terms of the GNU General Public License as published by
@REM the Free Software Foundation, either version 3 of the License, or
@REM (at your option) any later version.
@REM
@REM This program is distributed in the hope that it will be useful,
@REM but WITHOUT ANY WARRANTY; without even the implied warranty of
@REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@REM GNU General Public License for more details.
@echo off
:: Check admin rights
fltmc >nul 2>&1 && goto :ADMIN
:: Not elevated, create temporary VBS to trigger UAC
echo Requesting administrator privileges...
echo Set UAC = CreateObject("Shell.Application") > "%temp%\RunAsAdmin.vbs"
echo UAC.ShellExecute "%~dpnx0", "", "", "runas", 1 >> "%temp%\RunAsAdmin.vbs"
wscript "%temp%\RunAsAdmin.vbs"
exit /b
:ADMIN
:: Already elevated, run PowerShell script
powershell -ExecutionPolicy Bypass -File "%~dp0Set-DNS.ps1"
pause
两个文件放同一个目录,双击Set-DNS.bat,弹出超级管理员请求,点击是赋予权限,
然后输入1,设置1.1.1.1 DNS, 并且开启DoH,禁止回退到UDP53端口,
设置后ipconfig /all 确认
DNS 服务器 . . . . . . . . . . . : 1.1.1.1
DoH: https://cloudflare-dns.com/dns-query{?dns}
1.0.0.1
DoH: https://cloudflare-dns.com/dns-query{?dns}
成功开启了DoH,这样上网就安心多了。
离开公共WIFI后,因为家里网关已经设置了Doh,不再使用Win11的DoH,所以再次运行脚本
这次输入2,恢复DNS为从DHCP自动获取。
Set-DNS.ps1脚本里的接口使用的是[WLAN]
不同的电脑接口的名字不同,可以通过
netsh interface show interface
查找WIFI 接口名称
查找出来如果不是[WLAN],就替换[WLAN]为你自己的[接口名称]
github地址:
https://github.com/liuyuf78fk/Win11-DoH-Switcher.git
查找出来如果不是[WLAN],就替换[WLAN]为你自己的[接口名称]
github地址:
https://github.com/liuyuf78fk/Win11-DoH-Switcher.git
订阅:
博文 (Atom)
-
20250816 更新: redmi_ax6_20250810 Latest What's New 1 Added kmod-nf-tproxy 2 Added kmod-nft-tproxy 3 Added kmod-tcp-bbr 20250807 更新: r...
-
查询自己的IP Display your current IP 👇 https://ip.f78fk.com