• Re: Privacy Tutorial: Setting up system-wide DoH for the 1st time on Windows

    From Marion@marion@facts.com to alt.comp.os.windows-10,alt.comp.os.windows-11,alt.comp.microsoft.windows on Tue Aug 26 01:31:51 2025
    From Newsgroup: alt.comp.os.windows-11

    Update:
    Both Windows 10 & Windows 11 suck at system-wide DNS encryption setup.

    YogaDNS intercepts Windows DNS queries & routes thru encrypted protocols

    *YogaDNS* Version 1.47 (2025.04.30)
    Windows (x86, x64, ARM) 7, 8, 10, 11, Server 2012, 2016, 2019, 2022
    <https://yogadns.com/download/>
    <https://yogadns.com/download/YogaDNSSetup.exe>
    Name: YogaDNSSetup.exe
    Size: 8369736 bytes (8173 KiB)
    SHA256: C790B930B990D3906124CBFF26A634D6400460F1E24616E41A88A6DF0EAE0CE4

    Windows 10 does not have native support for DNS-over-HTTPS (DoH) at the
    system level unless you're using experimental builds and doing some
    manual configuration. Even then, it's limited and not easily managed via
    PowerShell or the GUI.

    Windows 11 does support DoH natively at the operating system level.
    However Windows 11's native DoH doesn't support DoQ, DNSCrypt, or DoH3.
    <https://www.reddit.com/r/nextdns/comments/16vue7u/yogadns_and_native_private_dns_on_windows_11/>

    Tools like YogaDNS are popular because they intercept DNS traffic & route
    it through encrypted channels like DoH, DoT, or DoQ, regardless of what
    PowerShell commands your Windows supports.

    YogaDNS is a trialware->free Windows DNS client that intercepts
    DNS queries at the system level & routes them through encrypted protocols
    a. DoH (DNS over HTTPS) including DoH3
    b. DoT (DNS over TLS)
    c. DoQ (DNS over QUIC)
    d. DNSCrypt

    With YogaDNS, DNS queries are encrypted before they leave your PC.

    After 30 days, what do you end up with as the "free" version:
    A. Only one DNS server is allowed (e.g., Cloudflare 1.1.1.1)
    B. Only two customizable rules (e.g., use YogaDNS for all web sites)
    C. It no longer automatically launches (you can launch it manually)
    D. It no longer runs in the background (it can be minimized though)

    Rules are like filters that tell it how to handle websites or networks.
    Example 1 Use Cloudflare for all websites.
    Example 2 Exclude local network devices.

    To overcome the automatic-launch limitation, you can manually add it to
    your Windows startup using Task Scheduler or to your Startup folder.
    1. Press Win + R, type shell:startup, and hit Enter.
    2. Copy the YogaDNS shortcut into that Startup folder.

    To clarify the lack of background services in the free version, the free
    version of YogaDNS must remain open to function, but it can be minimized to
    the system tray (i.e., iconified). That way, it won't clutter your screen,
    but if you close it completely, its system-wide DNS protection stops.

    Windows version information that this was tested on:
    PowerShell: 5.1.19041.6216
    Windows: 10.0.19045.6216
    Based on output from these two admin commands:
    C:\Windows\system32> powershell $PSVersionTable.PSVersion
    Major  Minor  Build  Revision
    -----  -----  -----  --------
    5      1      19041  6216
    C:\Windows\system32> ver
    Microsoft Windows [Version 10.0.19045.6216]

    My system is running Windows 10 Version 22H2 (Build 19045.6216) which is
    the final major release of Windows 10. It's a fully updated Windows 10
    (22H2) but PowerShell is still showing the original base version (19041),
    but with the same patch level (6216) because PowerShell 5.1 is baked into
    Windows 10. That means it doesn't get version bumps with every OS update.
    Microsoft kept the PowerShell versioning aligned with the original base
    (19041) even though the Windows 10 22H2 OS itself has evolved.

    What this means is key DNS features in Windows 11 are missing or limited.

    These are not available in Windows 10 (19045.6216):
    a. Native DNS-over-HTTPS (DoH) support
    b. DoH configuration via Settings UI
    c. DoQ, DNSCrypt, DoH3 support
    d. DoH via Group Policy / Registry (but you can run registry hacks)
    e. DoH via netsh dns show encryption (limited on Windows 10 vs 11)
    f. PowerShell DNS cmdlets (limited on Windows 10 versus on Windows 11)
    g. DNS leak protection during boot (limited more on Windows 10 than 11)

    This means that it's "easier" to set up system-wide encrypted DNS on
    Windows 11 but even for advanced protocols like DoQ or DNSCrypt, neither
    Windows 10 nor Windows 11 supports them natively, so tools like YogaDNS are
    still useful for both platforms.
    --- Synchronet 3.21a-Linux NewsLink 1.2
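
Added example (not part of the original post, and not YogaDNS's own tooling): a PowerShell 5.1 check of the downloaded installer against the size and SHA256 quoted in the post above. The download path is an assumption; the Authenticode result is reported for information only, since the post says nothing about whether the installer is signed.

```powershell
# Verify YogaDNSSetup.exe before running it.
# Expected size and hash are copied from the post above.
# $Path is an assumed download location; pass your own with -Path.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\YogaDNSSetup.exe"
)

$ExpectedSize   = 8369736
$ExpectedSha256 = 'C790B930B990D3906124CBFF26A634D6400460F1E24616E41A88A6DF0EAE0CE4'

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    throw "Installer not found: $Path"
}

$file = Get-Item -LiteralPath $Path
$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
$sig  = Get-AuthenticodeSignature -LiteralPath $Path

# -eq on strings is case-insensitive, so hex case does not matter.
$sizeOk = ($file.Length -eq $ExpectedSize)
$hashOk = ($hash -eq $ExpectedSha256)

# Signer is $null for an unsigned file; that is reported, not treated as failure.
[pscustomobject]@{
    Path            = $file.FullName
    ActualSize      = $file.Length
    SizeMatches     = $sizeOk
    ActualSha256    = $hash
    Sha256Matches   = $hashOk
    SignatureStatus = $sig.Status
    Signer          = $sig.SignerCertificate.Subject
} | Format-List

if (-not ($sizeOk -and $hashOk)) {
    Write-Warning 'File does not match the size/SHA256 quoted in the post. Do not run it.'
    exit 1
}
Write-Output 'Size and SHA256 match the values quoted in the post.'
```

A mismatch can also mean the download is a build other than the 1.47 installer the post describes, so check which version you fetched before concluding the file was altered.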
  • From Marion@marion@facts.com to alt.comp.os.windows-10,alt.comp.os.windows-11,alt.comp.microsoft.windows on Thu Aug 28 01:25:15 2025
    From Newsgroup: alt.comp.os.windows-11

    On Tue, 26 Aug 2025 13:49:23 +0700, JJ wrote:

    >> After 30 days, what do you end up with as the "free" version:
    >
    > That's not freeware. That's crippleware.

    You bring up a good point in that it's not completely functional after 30d.
    The problem with freeware, is finding one that is fully functional.

    I don't yet know of a fully functional DoH tool for Windows 10/11.
    Do you?

    If not, then we're stuck with this as the best choice that we have so far.

    I get where you're coming from because you get more in the first 30 days
    than you get after the 31st day. But it is free to use after that.

    So while it doesn't have all the functionality, it has enough of it.
    Is that crippled or not?

    Dunno. I guess it depends on how badly you need the functionality it has.
    I suspect you need it badly if you want to run DoH on Windows 10 or older.

    Because Windows 10 and Windows 11 do not have good GUIs for DoH setup.
    So the question becomes what's a good freeware DoH setup tool for Windows?