Solved Nord Vpn says this about next dns

Status
Not open for further replies.
peterfat11

peterfat11

Level 11
Thread author
Verified
Top Poster
Well-known
Mar 25, 2021
515
1647739792729.png
 
  • Like
Reactions: Brahman
Sort by date Sort by votes
Brahman

Brahman

Level 17
Verified
Top Poster
Well-known
Aug 22, 2013
838
peterfat111 said:
View attachment 265131
Click to expand...
Are you running Nextdns app? The nextdns root certificate is not needed if you are using nextdns doh on windows. If you are on windows 11 you can natively run Nextdns Doh without any root certificate or app. (You can also use yoga Dns app to get rid of the root certificate)
First Set 45.90.28.0 and 45.90.30.0 as system DNS. Then on an elevated command prompt run the following

netsh dns add encryption server=45.90.28.0 dohtemplate=https://dns1.nextdns.io/xxxxxx/Windows
netsh dns add encryption server=45.90.30.0 dohtemplate=https://dns2.nextdns.io/xxxxxx/Windows
Click to expand...
Don't forget to replace "xxxxxx" with your nextDns configuration Id.
 
  • Like
Reactions: blackice
Upvote 0
n8chavez

n8chavez

Level 17
Well-known
Feb 26, 2021
841
This will work. I'm using it with NordVPN right now. Use this script to configure DoH on Windows 11. It works with ipv4 and ipv6. Run powershell as admin. It'll prompt you for NextDNS ID and device name. Aldo, using the group policy (gpedit.msc), it wouldn't hurt to enforce using only DoH.

Computer Configuration > Administrative Templates > Network > DNS Client > Configure DNS over HTTPS (DoH) name resolution, the select Require DoH.



Code: 
#requires -RunAsAdministrator

$id = Read-Host "NextDNS ID"
$device = Read-Host "Device Name (Leave empty if annonymous)"
$template = "https://dns.nextdns.io/" + $id + "/" + $device

$ipv6a = "2a07:a8c0::" + $id.substring(0,2) + ":" + $id.substring(2,4)
$ipv6b = "2a07:a8c1::" + $id.substring(0,2) + ":" + $id.substring(2,4)

Write-Host Adding DOH servers... -ForegroundColor Green
Remove-DnsClientDohServerAddress -ServerAddress 45.90.30.129, 45.90.28.129, $ipv6a, $ipv6b -Erroraction Ignore | Out-Null
Add-DnsClientDohServerAddress -ServerAddress 45.90.28.129 -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress 45.90.30.129 -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress $ipv6a -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True
Add-DnsClientDohServerAddress -ServerAddress $ipv6b -DohTemplate $template -AllowFallbackToUdp $False -AutoUpgrade $True

Write-Host Redirect DNS to DOH... -ForegroundColor Green
Get-NetIPConfiguration | where InterfaceAlias -match "^Mine|^Ethernet" | ForEach { ($_).InterfaceIndex } | ForEach { Set-DnsClientServerAddress -InterfaceIndex $_ -ServerAddresses 45.90.28.129, 45.90.30.129, $ipv6a, $ipv6b }
 
Last edited:
Upvote 0
Status
Not open for further replies.

Similar threads

CyberTech
    • Like
    • Applause
    • Thanks
Serious Discussion Mullvad's public encrypted DNS Servers run in RAM now
Replies
0
Views
633
VPN and DNS
CyberTech
CyberTech
Gandalf_The_Grey
    • +Reputation
    • Wow
    • Like
Security News Android bug can leak DNS traffic with VPN kill switch enabled
Replies
0
Views
930
Security News
Gandalf_The_Grey
Gandalf_The_Grey
simmerskool
    • Like
Question VPN privacy on iphone? odd popup
Replies
3
Views
401
VPN and DNS
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top