DoH not working - Gateway (Windows)


I have an issue using the Cloudflare Gateway DoH in Windows 11.
Without the WARP client, if I only configure Windows to use the DNS IPs from Gateway and use the DoH option integrated in the system, I cannot resolve any domain.

Using only the IPs (not secured by DoH) works just fine.
Is there some limitation in using DoH directly in Windows?


DNS over HTTPS works for me on Windows 11.

If you run the command: netsh dns show encryption, does it show something like this?

Encryption settings for
DNS-over-HTTPS template     :
Auto-upgrade                : yes
UDP-fallback                : no

Why do we always set AutoUpgrade to yes?

What is autoupgrade, and why yes?

The blog "Windows Insiders gain new DNS over HTTPS controls" says:

If for some reason you want to add these DoH server definitions but leave them to use unencrypted DNS for now, you can set the -AutoUpgrade flag to false instead of true as in the examples above.

The documentation for PowerShell command Add-DnsClientDohServerAddress also explains this setting.

If I understand it correctly, it works as follows: Windows has multiple DNS-over-HTTPS template settings configured by default, including Quad9 and Google Public DNS. For all of those, the Auto-upgrade settings property is disabled by default, so that configuring the DNS forwarding to for example does not automatically enable DoH. This way, you can also configure custom DoH templates for Cloudflare once, and then toggle DoH on and off by toggling this autoupgrade setting.
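
A read-only check for the auto-upgrade behaviour discussed in this thread, as an added example that is not from any of the posters: it lists every DNS server configured on an interface next to the DoH template registered for that IP and its AutoUpgrade and UDP-fallback flags. The function name and the two placeholder values are assumptions; per-interface encryption chosen in the Settings app is not covered by this check.

```powershell
# Added example: which configured resolvers have a DoH template, and is
# auto-upgrade enabled for them? Read-only apart from the commented lines.

function Get-DohUpgradeStatus {   # hypothetical helper name
    # Index the registered DoH server definitions by resolver IP.
    $doh = @{}
    Get-DnsClientDohServerAddress | ForEach-Object { $doh[$_.ServerAddress] = $_ }

    # Walk every DNS server configured on every interface (IPv4 and IPv6).
    Get-DnsClientServerAddress | ForEach-Object {
        $alias = $_.InterfaceAlias
        foreach ($ip in $_.ServerAddresses) {
            $entry = $doh[$ip]
            if (-not $entry) {
                $status = 'No DoH template registered for this IP'
            } elseif (-not $entry.AutoUpgrade) {
                $status = 'Template registered, AutoUpgrade off'
            } elseif ($entry.AllowFallbackToUdp) {
                $status = 'AutoUpgrade on, UDP fallback allowed'
            } else {
                $status = 'AutoUpgrade on, no UDP fallback'
            }
            [pscustomobject]@{
                Interface   = $alias
                Server      = $ip
                DohTemplate = $entry.DohTemplate   # empty when no template exists
                Status      = $status
            }
        }
    }
}

Get-DohUpgradeStatus | Format-Table -AutoSize

# Placeholders (assumptions): use the values shown for your own Gateway location.
$GatewayIp       = '<GATEWAY_DNS_IP>'
$GatewayTemplate = '<GATEWAY_DOH_TEMPLATE_URL>'

# Register the template with auto-upgrade on (elevated prompt required):
# Add-DnsClientDohServerAddress -ServerAddress $GatewayIp -DohTemplate $GatewayTemplate -AllowFallbackToUdp $false -AutoUpgrade $true

# Toggle auto-upgrade off again without deleting the template:
# Set-DnsClientDohServerAddress -ServerAddress $GatewayIp -AutoUpgrade $false
```

With UDP fallback disabled, a wrong or unreachable template makes resolution fail instead of silently dropping to plaintext, so the DohTemplate column is the first thing to compare against the Gateway configuration.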
