
Configuration Endpoints

Use these addresses across all three methods below.

🔒 DNS over HTTPS

https://dns.unrulycitizen.com/dns-query

🛡 DNS over TLS

dns.unrulycitizen.com Port: 853

Windows Settings

The recommended approach — no tools required, works on any Windows 11 install.

Method 1 — Built-in Network Settings

1. Open Network Settings

Right-click the network icon in your system tray → select "Network and Internet settings".

2. Access Adapter Properties

Click "Advanced network settings" → "More network adapter options".

3. Open Connection Properties

Right-click your active connection (Ethernet or Wi-Fi) → "Properties".

4. Select IPv4

Double-click "Internet Protocol Version 4 (TCP/IPv4)" to open its properties.

5. Set DNS Server

Select "Use the following DNS server addresses" and enter the resolver IP:

Preferred DNS server: 140.82.41.243

6. Enable DoT

Click "Advanced" → open the DNS tab → check "Use DNS over HTTPS".

7. Set the Template

Set the dropdown to "Manual" and enter the DoT hostname:

dns.unrulycitizen.com

PowerShell

Run as Administrator for a one-shot automated setup.

Method 2 — PowerShell (Administrator)

Open Windows PowerShell as Administrator and paste the following. Replace "Ethernet" with your interface name (Wi-Fi, etc.).

# Set DNS resolver
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" `
    -ServerAddresses "140.82.41.243"

# Register the resolver's encrypted DNS template; no fallback to unencrypted UDP.
# Add- creates the entry for a resolver Windows does not already know;
# Set- only modifies an entry that already exists.
Add-DnsClientDohServerAddress `
    -ServerAddress "140.82.41.243" `
    -DohTemplate "https://dns.unrulycitizen.com/dns-query" `
    -AllowFallbackToUdp $false `
    -AutoUpgrade $true

Registry Edit

For administrators deploying across machines or needing a persistent, script-friendly approach.

Method 3 — Registry (.reg file)

Copy the block below into a .reg file, then run it as Administrator.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"DoHDefaultFallback"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers]
"dns.unrulycitizen.com"="https://dns.unrulycitizen.com/dns-query"

Verification

Run these commands to confirm DoT is active and no unencrypted queries are leaking.

Check DNS Settings via PowerShell

# Confirm DNS server assignment
nslookup -type=soa unrulycitizen.com

# Verify DoT template is active
Get-DnsClientDohServerAddress

Test DoT Connection with kdig

Install kdig via Chocolatey (choco install knot), then run:

kdig @dns.unrulycitizen.com +tls-ca +tls-host=dns.unrulycitizen.com google.com

A successful response with no errors confirms the encrypted TLS tunnel is established.
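The settings this guide configures can also be audited in one pass. The script below is an added example, not part of the original guide. It is read-only, uses the resolver IP and template shown above, and treats the `fec0:0:0:ffff::*` addresses Windows lists on adapters with no IPv6 DNS configured as placeholders to skip.

```powershell
# Added example: read-only audit of the settings from this guide.
$Resolver = '140.82.41.243'                              # resolver IP from this page
$Template = 'https://dns.unrulycitizen.com/dns-query'    # template from this page
$findings = @()

# 1. The resolver must be registered with the expected template and no UDP fallback.
$entry = Get-DnsClientDohServerAddress -ErrorAction SilentlyContinue |
    Where-Object ServerAddress -eq $Resolver
if (-not $entry) {
    $findings += "No encrypted-DNS entry is registered for $Resolver"
} else {
    if ($entry.DohTemplate -ne $Template) {
        $findings += "Template is '$($entry.DohTemplate)', expected '$Template'"
    }
    if ($entry.AllowFallbackToUdp) {
        $findings += 'AllowFallbackToUdp is True: plaintext fallback is permitted'
    }
}

# 2. Every connected adapter should list only the resolver. Any other server
#    (for example one assigned by DHCP or over IPv6) can receive plaintext queries.
foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
    $v4 = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses
    $v6 = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv6).ServerAddresses |
        Where-Object { $_ -notlike 'fec0:0:0:ffff::*' }   # skip placeholder site-local entries
    if ($v4 -notcontains $Resolver) {
        $findings += "$($nic.Name): $Resolver is not configured as an IPv4 DNS server"
    }
    $others = @($v4) + @($v6) | Where-Object { $_ -and $_ -ne $Resolver }
    foreach ($other in $others) {
        $findings += "$($nic.Name): additional DNS server $other is configured"
    }
}

# 3. The fallback value written by the .reg file in Method 3 should be 0.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$fallback = (Get-ItemProperty -Path $key -Name DoHDefaultFallback -ErrorAction SilentlyContinue).DoHDefaultFallback
if ($null -ne $fallback -and $fallback -ne 0) {
    $findings += "Registry value DoHDefaultFallback is $fallback, expected 0"
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'All checks passed'
}
```

Each warning names the adapter or setting that could let a query leave the machine unencrypted.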

Troubleshooting

If something isn't working, check these first.

DoT Not Working?

  • Ensure Windows 11 is on version 22H2 or later
  • Confirm port 853 is open on your firewall
  • Verify the DNS server IP address is correct
  • Try disabling IPv6 temporarily during setup

Falling Back to UDP?

  • Set AllowFallbackToUdp to $false in PowerShell
  • Check registry value DoHDefaultFallback is 0
  • Verify the template URL format is exactly correct
  • Restart the DNS Client service via services.msc

Need More Help?

Reach out or explore other platform guides in the Knowledge Base.