From dca945c01e2c9e58ccfb2672a1e93945e4bbc0fb Mon Sep 17 00:00:00 2001 From: sruthytv1988 <136442515+sruthytv1988@users.noreply.github.com> Date: Sat, 3 Jan 2026 02:24:09 +0530 Subject: [PATCH 1/9] Add DNS over HTTPS cmdlets documentation --- .../Get-DnsServerEncryptionProtocol.md | 153 +++++++++++ .../Set-DnsServerEncryptionProtocol.md | 247 ++++++++++++++++++ 2 files changed, 400 insertions(+) create mode 100644 docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md create mode 100644 docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md diff --git a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md new file mode 100644 index 0000000000..01e4b7517d --- /dev/null +++ b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md 
@@ -0,0 +1,153 @@ +--- +external help file: PS_DnsServerEncryptionProtocol_v1.0.0.cdxml-help.xml +Module Name: DnsServer +online version: +schema: 2.0.0 +--- + +# Get-DnsServerEncryptionProtocol + +## SYNOPSIS +Retrieves DNS server encryption protocol settings. + +## SYNTAX + +``` +Get-DnsServerEncryptionProtocol [-ComputerName ] [-PassThru ] [-CimSession ] + [-ThrottleLimit ] [-AsJob] [] +``` + +## DESCRIPTION +The Get-DnsServerEncryptionProtocol cmdlet retrieves Domain Name System (DNS) server encryption settings. This cmdlet shows: + +- DNS over HTTPS (DoH) encryption status (enabled or disabled) +- Specifies the URI template(s) for DNS over HTTPS (DoH) requests + +When DoH is enabled, DNS queries are encrypted using HTTPS to provide enhanced security for DNS communications. Multiple URI templates can be configured to provide redundancy and load distribution across DoH endpoints. + +## EXAMPLES + +### Example 1: Retrieve encryption settings from local DNS server +```powershell +PS C:\> Get-DnsServerEncryptionProtocol + +EnableDoh : True +UriTemplate : https://dnsserver.example.com/dns-query|https://backup.example.com/dns-query +``` + +This command retrieves the current encryption settings from the local DNS server. The output shows that DNS over HTTPS (DoH) is enabled with multiple URI templates configured for redundancy. Templates are displayed pipe-separated. + +### Example 2: Retrieve encryption settings from remote DNS server +```powershell +PS C:\> Get-DnsServerEncryptionProtocol -ComputerName "dns1.contoso.com" + +EnableDoh : False +UriTemplate : +``` + +This command retrieves the encryption settings from a remote DNS server. The output shows that DoH is currently disabled and no URI template is configured. + +## PARAMETERS + +### -AsJob +Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. + +The cmdlet immediately returns an object that represents the job and then displays the command prompt. 
You can continue to work in the session while the job completes. To manage the job, use the `*-Job` cmdlets. To get the job results, use the Receive-Job cmdlet. + +For more information about Windows PowerShell background jobs, see about_Jobs. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CimSession +Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer. + +```yaml +Type: CimSession[] +Parameter Sets: (All) +Aliases: Session + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Specifies a DNS server. The acceptable values for this parameter are: an IPv4 address; an IPv6 address; any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Cn + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ThrottleLimit +Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of `0` is entered, then Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. 
The throttle limit applies only to the current cmdlet, not to the session or to the computer. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Boolean + +## OUTPUTS + +### Microsoft.Management.Infrastructure.CimInstance + +### Microsoft.Management.Infrastructure.CimInstance#DnsServerEncryptionProtocol + +## NOTES +- The DNS server must be running Windows Server 2025 or later to support encryption settings. +- When EnableDoh is false, the URI Template will be empty. +- This cmdlet can be used to verify DoH configuration before and after making changes. + +## RELATED LINKS + +[Set-DnsServerEncryptionProtocol](Set-DnsServerEncryptionProtocol.md) + +[DNS over HTTPS (DoH)](https://learn.microsoft.com/windows-server/networking/dns/dns-over-https) diff --git a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md new file mode 100644 index 0000000000..192fc33649 --- /dev/null +++ b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md 
@@ -0,0 +1,247 @@ +--- +external help file: PS_DnsServerEncryptionProtocol_v1.0.0.cdxml-help.xml +Module Name: DnsServer +online version: +schema: 2.0.0 +--- + +# Set-DnsServerEncryptionProtocol + +## SYNOPSIS +Configures DNS server encryption protocol settings. + +## SYNTAX + +``` +Set-DnsServerEncryptionProtocol -EnableDoh [-UriTemplate ] [-ComputerName ] + [-Force ] [-PassThru ] [-CimSession ] [-ThrottleLimit ] [-AsJob] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The Set-DnsServerEncryptionProtocol cmdlet modifies encryption settings on a Domain Name System (DNS) server. You can use this cmdlet to: + +- Enable or disable DNS over HTTPS (DoH) protocol +- Configure single or multiple URI templates for DoH requests + +After modifying encryption settings, you must restart the DNS Server service for changes to take effect. + +When DoH is enabled, DNS queries are encrypted using HTTPS to provide enhanced security for DNS communications. Multiple URI templates provide redundancy and load distribution. + +## EXAMPLES + +### Example 1: Enable DoH with a single URI template +```powershell +PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dns.example.com/dns-query" +PS C:\> Restart-Service DNS +``` + +This command enables DNS over HTTPS (DoH) on the DNS server with the specified URI template. The DNS service must be restarted for the changes to take effect. + +### Example 2: Enable DoH with multiple URI templates +```powershell +PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://primary.example.com/dns-query|https://backup.example.com/dns-query" +PS C:\> Restart-Service DNS +``` + +This command configures DoH with multiple URI templates (separated by pipe character) for redundancy and load distribution. + +### Example 3: Disable DoH +```powershell +PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $false +PS C:\> Restart-Service DNS +``` + +This command disables DNS over HTTPS (DoH) on the DNS server. 
The URI template configuration is cleared when DoH is disabled. + +## PARAMETERS + +### -AsJob +Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. + +The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the `*-Job` cmdlets. To get the job results, use the Receive-Job cmdlet. + +For more information about Windows PowerShell background jobs, see about_Jobs. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CimSession +Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer. + +```yaml +Type: CimSession[] +Parameter Sets: (All) +Aliases: Session + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ComputerName +Specifies a DNS server. The acceptable values for this parameter are: an IPv4 address; an IPv6 address; any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Cn + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableDoh +Specifies whether to enable or disable DNS over HTTPS (DoH) on the DNS server. 
Set to `$true` to enable DoH, or `$false` to disable it. When disabled, any configured URI templates are cleared. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. Use this parameter to bypass confirmation prompts when scripting or automating cmdlet execution. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. + +```yaml +Type: Boolean +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ThrottleLimit +Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of `0` is entered, then Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer. + +```yaml +Type: Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -UriTemplate +Specifies one or more URI templates for DNS over HTTPS (DoH) requests. 
+ +- For a single template: `"https://dns.example.com/dns-query"` +- For multiple templates (redundancy/load balancing): `"https://primary.example.com/dns-query|https://backup.example.com/dns-query"` +- Templates must be valid HTTPS URIs compliant with RFC 3986 +- DoH implementation follows RFC 8484 (DNS Queries over HTTPS) specification +- Multiple templates are separated by the pipe character (|) +- This parameter is required when EnableDoh is set to `$true` + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.Boolean + +### System.String + +## OUTPUTS + +### Microsoft.Management.Infrastructure.CimInstance + +### Microsoft.Management.Infrastructure.CimInstance#DnsServerEncryptionProtocol + +## NOTES +- After modifying encryption settings, you must restart the DNS Server service for changes to take effect. +- When enabling DoH, ensure that the SSL/TLS certificate is properly configured for the specified URI template. +- The DNS server must be running Windows Server 2025 or later. +- The UriTemplate parameter is required when EnableDoh is set to `$true`. +- Multiple URI templates provide redundancy and load distribution. 
+ +## RELATED LINKS + +[Get-DnsServerEncryptionProtocol](Get-DnsServerEncryptionProtocol.md) + +[DNS over HTTPS (DoH)](https://learn.microsoft.com/windows-server/networking/dns/dns-over-https) From 519e37502fc3bbcaad8f48febc6a9fa28436e8b9 Mon Sep 17 00:00:00 2001 From: Sruthy TV Date: Wed, 14 Jan 2026 17:00:29 +0530 Subject: [PATCH 2/9] updated new cmdlets --- docset/winserver2025-ps/DnsServer/DnsServer.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docset/winserver2025-ps/DnsServer/DnsServer.md b/docset/winserver2025-ps/DnsServer/DnsServer.md index faa54196d4..952c73bb39 100644 --- a/docset/winserver2025-ps/DnsServer/DnsServer.md +++ b/docset/winserver2025-ps/DnsServer/DnsServer.md @@ -144,6 +144,9 @@ Retrieves DNS Server Active Directory settings ### [Get-DnsServerEDns](./Get-DnsServerEDns.md) Gets EDNS configuration settings on a DNS server. +### [Get-DnsServerEncryptionProtocol](./Get-DnsServerEncryptionProtocol.md) +Retrieves DNS over HTTPS (DoH) settings on a DNS server. + ### [Get-DnsServerForwarder](./Get-DnsServerForwarder.md) Gets forwarder configuration settings on a DNS server. @@ -312,6 +315,9 @@ Modifies DNS Active Directory settings. ### [Set-DnsServerEDns](./Set-DnsServerEDns.md) Changes EDNS settings on a DNS server. +### [Set-DnsServerEncryptionProtocol](./Set-DnsServerEncryptionProtocol.md) +Configures DNS over HTTPS (DoH) settings on a DNS server. + ### [Set-DnsServerForwarder](./Set-DnsServerForwarder.md) Changes forwarder settings on a DNS server. From 2cab0182e2466b947e43e51625cd877a803f1535 Mon Sep 17 00:00:00 2001 From: sruthytv1988 <136442515+sruthytv1988@users.noreply.github.com> Date: Fri, 16 Jan 2026 14:54:22 +0530 Subject: [PATCH 3/9] updated get help files of doh --- .../Get-DnsServerEncryptionProtocol.md | 47 ++++++------ .../Set-DnsServerEncryptionProtocol.md | 74 ++++++++----------- 2 files changed, 53 insertions(+), 68 deletions(-) 
diff --git a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md index 01e4b7517d..a58bb30cbc 100644 --- a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md @@ -1,14 +1,17 @@ --- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: PS_DnsServerEncryptionProtocol_v1.0.0.cdxml-help.xml Module Name: DnsServer -online version: +ms.date: 01/14/2026 +online version: https://learn.microsoft.com/powershell/module/dnsserver/get-dnsserverencryptionprotocol?view=windowsserver2025-ps&wt.mc_id=ps-gethelp schema: 2.0.0 +title: Get-DnsServerEncryptionProtocol --- # Get-DnsServerEncryptionProtocol ## SYNOPSIS -Retrieves DNS server encryption protocol settings. +Retrieves DNS server encryption protocol settings. This cmdlet is available on Windows Server 2025 or later. ## SYNTAX @@ -18,12 +21,7 @@ Get-DnsServerEncryptionProtocol [-ComputerName ] [-PassThru ] [ ``` ## DESCRIPTION -The Get-DnsServerEncryptionProtocol cmdlet retrieves Domain Name System (DNS) server encryption settings. This cmdlet shows: - -- DNS over HTTPS (DoH) encryption status (enabled or disabled) -- Specifies the URI template(s) for DNS over HTTPS (DoH) requests - -When DoH is enabled, DNS queries are encrypted using HTTPS to provide enhanced security for DNS communications. Multiple URI templates can be configured to provide redundancy and load distribution across DoH endpoints. +The **Get-DnsServerEncryptionProtocol** cmdlet retrieves Domain Name System (DNS) server DNS over HTTPS (DoH) settings: **EnableDoh** and **UriTemplate**. ## EXAMPLES 
@@ -32,10 +30,10 @@ When DoH is enabled, DNS queries are encrypted using HTTPS to provide enhanced s PS C:\> Get-DnsServerEncryptionProtocol EnableDoh : True -UriTemplate : https://dnsserver.example.com/dns-query|https://backup.example.com/dns-query +UriTemplate : https://dnsserver.example.net/dns-query ``` -This command retrieves the current encryption settings from the local DNS server. The output shows that DNS over HTTPS (DoH) is enabled with multiple URI templates configured for redundancy. Templates are displayed pipe-separated. +This command retrieves the current encryption settings from the local DNS server. The output shows that DNS over HTTPS (DoH) is enabled with a configured URI template. ### Example 2: Retrieve encryption settings from remote DNS server ```powershell 
@@ -45,16 +43,19 @@ EnableDoh : False UriTemplate : ``` -This command retrieves the encryption settings from a remote DNS server. The output shows that DoH is currently disabled and no URI template is configured. +This command retrieves the encryption settings from a remote DNS server. The output shows that DNS over HTTPS (DoH) is currently disabled. ## PARAMETERS ### -AsJob Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. -The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the `*-Job` cmdlets. To get the job results, use the Receive-Job cmdlet. +The cmdlet immediately returns an object that represents the job and then displays the command prompt. +You can continue to work in the session while the job completes. +To manage the job, use the `*-Job` cmdlets. +To get the job results, use the [Receive-Job](https://go.microsoft.com/fwlink/?LinkID=113372) cmdlet. -For more information about Windows PowerShell background jobs, see about_Jobs. +For more information about Windows PowerShell background jobs, see [about_Jobs](https://go.microsoft.com/fwlink/?LinkID=113251). ```yaml Type: SwitchParameter @@ -69,7 +70,9 @@ Accept wildcard characters: False ``` ### -CimSession -Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer. +Runs the cmdlet in a remote session or on a remote computer. +Enter a computer name or a session object, such as the output of a [New-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227967) or [Get-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227966) cmdlet. +The default is the current session on the local computer. ```yaml Type: CimSession[] 
@@ -84,7 +87,8 @@ Accept wildcard characters: False ``` ### -ComputerName -Specifies a DNS server. The acceptable values for this parameter are: an IPv4 address; an IPv6 address; any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name. +Specifies a DNS server. +The acceptable values for this parameter are: an IP V4 address; an IP V6 address; any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name. ```yaml Type: String @@ -129,25 +133,16 @@ Accept wildcard characters: False ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS -### System.Boolean - ## OUTPUTS -### Microsoft.Management.Infrastructure.CimInstance - ### Microsoft.Management.Infrastructure.CimInstance#DnsServerEncryptionProtocol ## NOTES -- The DNS server must be running Windows Server 2025 or later to support encryption settings. -- When EnableDoh is false, the URI Template will be empty. -- This cmdlet can be used to verify DoH configuration before and after making changes. ## RELATED LINKS -[Set-DnsServerEncryptionProtocol](Set-DnsServerEncryptionProtocol.md) - -[DNS over HTTPS (DoH)](https://learn.microsoft.com/windows-server/networking/dns/dns-over-https) +[Set-DnsServerEncryptionProtocol](./Set-DnsServerEncryptionProtocol.md) 
diff --git a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md index 192fc33649..aafc1720dc 100644 --- a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md @@ -1,8 +1,11 @@ --- +description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: PS_DnsServerEncryptionProtocol_v1.0.0.cdxml-help.xml Module Name: DnsServer -online version: +ms.date: 01/14/2026 +online version: https://learn.microsoft.com/powershell/module/dnsserver/set-dnsserverencryptionprotocol?view=windowsserver2025-ps&wt.mc_id=ps-gethelp schema: 2.0.0 +title: Set-DnsServerEncryptionProtocol --- # Set-DnsServerEncryptionProtocol 
@@ -14,54 +17,55 @@ Configures DNS server encryption protocol settings. ``` Set-DnsServerEncryptionProtocol -EnableDoh [-UriTemplate ] [-ComputerName ] - [-Force ] [-PassThru ] [-CimSession ] [-ThrottleLimit ] [-AsJob] + [-Force] [-PassThru ] [-CimSession ] [-ThrottleLimit ] [-AsJob] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -The Set-DnsServerEncryptionProtocol cmdlet modifies encryption settings on a Domain Name System (DNS) server. You can use this cmdlet to: +The **Set-DnsServerEncryptionProtocol** cmdlet modifies encryption settings on a Domain Name System (DNS) server to enable or disable DNS over HTTPS (DoH) protocol and configure URI templates for DNS queries. When DoH is enabled, DNS queries are encrypted over HTTPS, protecting them from eavesdropping and tampering. After modifying encryption settings, you must restart the DNS Server service for changes to take effect. Ensure that a valid SSL/TLS certificate is configured for the DNS server with the hostname(s) specified in the URI template(s). This cmdlet is available on Windows Server 2025 or later. -- Enable or disable DNS over HTTPS (DoH) protocol -- Configure single or multiple URI templates for DoH requests - -After modifying encryption settings, you must restart the DNS Server service for changes to take effect. +## EXAMPLES -When DoH is enabled, DNS queries are encrypted using HTTPS to provide enhanced security for DNS communications. Multiple URI templates provide redundancy and load distribution. +### Example 1: Enable DNS over HTTPS (DoH) with default URI template +```powershell +PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true +PS C:\> Restart-Service DNS +``` -## EXAMPLES +This command enables DNS over HTTPS (DoH) using the default URI template path `/dns-query`. When you don't specify the **UriTemplate** parameter, the DNS server uses a template based on the server's FQDN with the standard `/dns-query` path (for example, `https://dnsserver.contoso.com/dns-query`). 
-### Example 1: Enable DoH with a single URI template +### Example 2: Enable DNS over HTTPS (DoH) with a single URI template ```powershell -PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dns.example.com/dns-query" +PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dnsserver.example.net/dns-query" PS C:\> Restart-Service DNS ``` This command enables DNS over HTTPS (DoH) on the DNS server with the specified URI template. The DNS service must be restarted for the changes to take effect. -### Example 2: Enable DoH with multiple URI templates +### Example 3: Enable DNS over HTTPS (DoH) with multiple URI templates ```powershell -PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://primary.example.com/dns-query|https://backup.example.com/dns-query" +PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query" PS C:\> Restart-Service DNS ``` -This command configures DoH with multiple URI templates (separated by pipe character) for redundancy and load distribution. +This command configures DNS over HTTPS (DoH) with multiple URI templates separated by the pipe character (|) for redundancy and load distribution. A maximum of three URI templates can be specified. -### Example 3: Disable DoH +### Example 4: Disable DNS over HTTPS (DoH) ```powershell PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $false PS C:\> Restart-Service DNS ``` -This command disables DNS over HTTPS (DoH) on the DNS server. The URI template configuration is cleared when DoH is disabled. +This command disables DNS over HTTPS (DoH) on the DNS server. All configured URI templates are automatically cleared. ## PARAMETERS ### -AsJob Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. 
-The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the `*-Job` cmdlets. To get the job results, use the Receive-Job cmdlet. +The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the `*-Job` cmdlets. To get the job results, use the [Receive-Job](https://go.microsoft.com/fwlink/?LinkID=113372) cmdlet. -For more information about Windows PowerShell background jobs, see about_Jobs. +For more information about Windows PowerShell background jobs, see [about_Jobs](https://go.microsoft.com/fwlink/?LinkID=113251). ```yaml Type: SwitchParameter @@ -93,6 +97,7 @@ Accept wildcard characters: False ### -ComputerName Specifies a DNS server. The acceptable values for this parameter are: an IPv4 address; an IPv6 address; any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name. + ```yaml Type: String Parameter Sets: (All) @@ -136,10 +141,10 @@ Accept wildcard characters: False ``` ### -Force -Forces the command to run without asking for user confirmation. Use this parameter to bypass confirmation prompts when scripting or automating cmdlet execution. +Forces the command to run without asking for user confirmation. ```yaml -Type: Boolean +Type: SwitchParameter Parameter Sets: (All) Aliases: 
@@ -181,14 +186,12 @@ Accept wildcard characters: False ``` ### -UriTemplate -Specifies one or more URI templates for DNS over HTTPS (DoH) requests. +Specifies one or more URI templates for DNS over HTTPS (DoH) queries. If not specified when **EnableDoh** is set to `$true`, the DNS server uses a default URI template with the `/dns-query` path based on the server's fully qualified domain name (FQDN). + +For a single URI template, specify `"https://dnsserver.example.net/dns-query"`. To provide multiple URI templates for redundancy and load balancing, specify them as **a single string** with templates separated by the pipe character (|): `"https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query"`. A maximum of three URI templates can be specified. + +URI templates must be valid HTTPS URIs compliant with [RFC 3986, Uniform Resource Identifier (URI): Generic Syntax](https://datatracker.ietf.org/doc/html/rfc3986). Ensure that a valid SSL/TLS certificate is configured for the DNS server with the hostname(s) specified in the URI template(s). -- For a single template: `"https://dns.example.com/dns-query"` -- For multiple templates (redundancy/load balancing): `"https://primary.example.com/dns-query|https://backup.example.com/dns-query"` -- Templates must be valid HTTPS URIs compliant with RFC 3986 -- DoH implementation follows RFC 8484 (DNS Queries over HTTPS) specification -- Multiple templates are separated by the pipe character (|) -- This parameter is required when EnableDoh is set to `$true` ```yaml Type: String 
@@ -219,29 +222,16 @@ Accept wildcard characters: False ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS -### System.Boolean - -### System.String - ## OUTPUTS -### Microsoft.Management.Infrastructure.CimInstance - ### Microsoft.Management.Infrastructure.CimInstance#DnsServerEncryptionProtocol ## NOTES -- After modifying encryption settings, you must restart the DNS Server service for changes to take effect. -- When enabling DoH, ensure that the SSL/TLS certificate is properly configured for the specified URI template. -- The DNS server must be running Windows Server 2025 or later. -- The UriTemplate parameter is required when EnableDoh is set to `$true`. -- Multiple URI templates provide redundancy and load distribution. ## RELATED LINKS -[Get-DnsServerEncryptionProtocol](Get-DnsServerEncryptionProtocol.md) - -[DNS over HTTPS (DoH)](https://learn.microsoft.com/windows-server/networking/dns/dns-over-https) +[Get-DnsServerEncryptionProtocol](./Get-DnsServerEncryptionProtocol.md) \ No newline at end of file From 1c9af45b01db24012950a1cb7a44a7b4599b2c8b Mon Sep 17 00:00:00 2001 
From: robinharwood <19212983+robinharwood@users.noreply.github.com> Date: Mon, 19 Jan 2026 14:35:19 +0000 Subject: [PATCH 4/9] Minor editorial changes --- .../Get-DnsServerEncryptionProtocol.md | 33 ++++++++++++++++--- .../Set-DnsServerEncryptionProtocol.md | 18 +++++++++- 2 files changed, 45 insertions(+), 6 deletions(-) diff --git a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md index a58bb30cbc..5477a52a97 100644 --- a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md 
@@ -21,33 +21,47 @@ Get-DnsServerEncryptionProtocol [-ComputerName ] [-PassThru ] [ ``` ## DESCRIPTION + The **Get-DnsServerEncryptionProtocol** cmdlet retrieves Domain Name System (DNS) server DNS over HTTPS (DoH) settings: **EnableDoh** and **UriTemplate**. ## EXAMPLES ### Example 1: Retrieve encryption settings from local DNS server + +In this example, the command retrieves the current encryption settings from the local DNS server. + ```powershell -PS C:\> Get-DnsServerEncryptionProtocol +Get-DnsServerEncryptionProtocol +``` +```Output EnableDoh : True UriTemplate : https://dnsserver.example.net/dns-query ``` -This command retrieves the current encryption settings from the local DNS server. The output shows that DNS over HTTPS (DoH) is enabled with a configured URI template. +The output shows that DNS over HTTPS (DoH) is enabled with a configured URI template. ### Example 2: Retrieve encryption settings from remote DNS server + +In this example, the command retrieves the encryption settings from a remote DNS server named +"dns1.contoso.com". + ```powershell -PS C:\> Get-DnsServerEncryptionProtocol -ComputerName "dns1.contoso.com" +Get-DnsServerEncryptionProtocol -ComputerName "dns1.contoso.com" +``` +```Output EnableDoh : False UriTemplate : ``` -This command retrieves the encryption settings from a remote DNS server. The output shows that DNS over HTTPS (DoH) is currently disabled. +The output shows that DNS over HTTPS (DoH) is currently disabled for the specified remote DNS +server. ## PARAMETERS ### -AsJob + Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. The cmdlet immediately returns an object that represents the job and then displays the command prompt. 
@@ -70,6 +84,7 @@ Accept wildcard characters: False ``` ### -CimSession + Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a [New-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227967) or [Get-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227966) cmdlet. The default is the current session on the local computer. @@ -87,6 +102,7 @@ Accept wildcard characters: False ``` ### -ComputerName + Specifies a DNS server. The acceptable values for this parameter are: an IP V4 address; an IP V6 address; any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name. @@ -103,7 +119,8 @@ Accept wildcard characters: False ``` ### -PassThru -Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. + +Returns an object representing the item with which you are working. By default, this cmdlet doesn't generate any output. ```yaml Type: Boolean @@ -118,6 +135,7 @@ Accept wildcard characters: False ``` ### -ThrottleLimit + Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of `0` is entered, then Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer. ```yaml 
@@ -133,10 +151,15 @@ Accept wildcard characters: False ``` ### CommonParameters + This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS +### None + +You cannot pipe objects to this cmdlet. + ## OUTPUTS ### Microsoft.Management.Infrastructure.CimInstance#DnsServerEncryptionProtocol diff --git a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md index aafc1720dc..9d8bf38ff9 100644 --- a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md @@ -22,11 +22,13 @@ Set-DnsServerEncryptionProtocol -EnableDoh [-UriTemplate ] [-C ``` ## DESCRIPTION + The **Set-DnsServerEncryptionProtocol** cmdlet modifies encryption settings on a Domain Name System (DNS) server to enable or disable DNS over HTTPS (DoH) protocol and configure URI templates for DNS queries. When DoH is enabled, DNS queries are encrypted over HTTPS, protecting them from eavesdropping and tampering. After modifying encryption settings, you must restart the DNS Server service for changes to take effect. Ensure that a valid SSL/TLS certificate is configured for the DNS server with the hostname(s) specified in the URI template(s). This cmdlet is available on Windows Server 2025 or later. ## EXAMPLES ### Example 1: Enable DNS over HTTPS (DoH) with default URI template + ```powershell PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true PS C:\> Restart-Service DNS 
@@ -35,6 +37,7 @@ PS C:\> Restart-Service DNS This command enables DNS over HTTPS (DoH) using the default URI template path `/dns-query`. When you don't specify the **UriTemplate** parameter, the DNS server uses a template based on the server's FQDN with the standard `/dns-query` path (for example, `https://dnsserver.contoso.com/dns-query`). ### Example 2: Enable DNS over HTTPS (DoH) with a single URI template + ```powershell PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dnsserver.example.net/dns-query" PS C:\> Restart-Service DNS @@ -43,6 +46,7 @@ PS C:\> Restart-Service DNS This command enables DNS over HTTPS (DoH) on the DNS server with the specified URI template. The DNS service must be restarted for the changes to take effect. ### Example 3: Enable DNS over HTTPS (DoH) with multiple URI templates + ```powershell PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query" PS C:\> Restart-Service DNS @@ -51,6 +55,7 @@ PS C:\> Restart-Service DNS This command configures DNS over HTTPS (DoH) with multiple URI templates separated by the pipe character (|) for redundancy and load distribution. A maximum of three URI templates can be specified. ### Example 4: Disable DNS over HTTPS (DoH) + ```powershell PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $false PS C:\> Restart-Service DNS @@ -61,6 +66,7 @@ This command disables DNS over HTTPS (DoH) on the DNS server. All configured URI ## PARAMETERS ### -AsJob + Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the `*-Job` cmdlets. To get the job results, use the [Receive-Job](https://go.microsoft.com/fwlink/?LinkID=113372) cmdlet. 
@@ -80,6 +86,7 @@ Accept wildcard characters: False ``` ### -CimSession + Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer. ```yaml @@ -95,6 +102,7 @@ Accept wildcard characters: False ``` ### -ComputerName + Specifies a DNS server. The acceptable values for this parameter are: an IPv4 address; an IPv6 address; any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name. @@ -111,6 +119,7 @@ Accept wildcard characters: False ``` ### -Confirm + Prompts you for confirmation before running the cmdlet. ```yaml @@ -126,6 +135,7 @@ Accept wildcard characters: False ``` ### -EnableDoh + Specifies whether to enable or disable DNS over HTTPS (DoH) on the DNS server. Set to `$true` to enable DoH, or `$false` to disable it. When disabled, any configured URI templates are cleared. ```yaml @@ -141,6 +151,7 @@ Accept wildcard characters: False ``` ### -Force + Forces the command to run without asking for user confirmation. ```yaml @@ -156,7 +167,8 @@ Accept wildcard characters: False ``` ### -PassThru -Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. + +Returns an object representing the item with which you are working. By default, this cmdlet doesn't generate any output. ```yaml Type: Boolean @@ -171,6 +183,7 @@ Accept wildcard characters: False ``` ### -ThrottleLimit + Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of `0` is entered, then Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer. ```yaml 
@@ -186,6 +199,7 @@ Accept wildcard characters: False ``` ### -UriTemplate + Specifies one or more URI templates for DNS over HTTPS (DoH) queries. If not specified when **EnableDoh** is set to `$true`, the DNS server uses a default URI template with the `/dns-query` path based on the server's fully qualified domain name (FQDN). For a single URI template, specify `"https://dnsserver.example.net/dns-query"`. To provide multiple URI templates for redundancy and load balancing, specify them as **a single string** with templates separated by the pipe character (|): `"https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query"`. A maximum of three URI templates can be specified. @@ -206,6 +220,7 @@ Accept wildcard characters: False ``` ### -WhatIf + Shows what would happen if the cmdlet runs. The cmdlet is not run. @@ -222,6 +237,7 @@ Accept wildcard characters: False ``` ### CommonParameters + This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS From 5a9572103eee43a91e4713c71b5781236ed7a8d3 Mon Sep 17 00:00:00 2001 From: sruthytv1988 <136442515+sruthytv1988@users.noreply.github.com> Date: Tue, 20 Jan 2026 00:47:33 +0530 Subject: [PATCH 5/9] addressed review comments --- .../Get-DnsServerEncryptionProtocol.md | 21 ++++-- .../Set-DnsServerEncryptionProtocol.md | 75 +++++++++++++------ 2 files changed, 69 insertions(+), 27 deletions(-) diff --git a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md index 5477a52a97..242d211a1c 100644 --- a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md 
@@ -1,5 +1,5 @@ --- -description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +description: Learn how to retrieve DNS over HTTPS (DoH) settings using the Get-DnsServerEncryptionProtocol cmdlet in Windows PowerShell for Windows Server 2025 and later. external help file: PS_DnsServerEncryptionProtocol_v1.0.0.cdxml-help.xml Module Name: DnsServer ms.date: 01/14/2026 @@ -11,7 +11,7 @@ title: Get-DnsServerEncryptionProtocol # Get-DnsServerEncryptionProtocol ## SYNOPSIS -Retrieves DNS server encryption protocol settings. This cmdlet is available on Windows Server 2025 or later. +Retrieves DNS server encryption protocol settings for DNS over HTTPS (DoH) on Windows Server 2025 or later. ## SYNTAX @@ -22,7 +22,14 @@ Get-DnsServerEncryptionProtocol [-ComputerName ] [-PassThru ] [ ## DESCRIPTION -The **Get-DnsServerEncryptionProtocol** cmdlet retrieves Domain Name System (DNS) server DNS over HTTPS (DoH) settings: **EnableDoh** and **UriTemplate**. +The `Get-DnsServerEncryptionProtocol` cmdlet can be used to verify the current DoH configuration +on a DNS server. The cmdlet retrieves the current settings as an object with the properties +**EnableDoh** and **UriTemplate** to indicate whether DoH is enabled and the configured URI +templates for DNS queries over HTTPS. + +> [!IMPORTANT] +> The `Get-DnsServerEncryptionProtocol` cmdlet is available on Windows Server 2025 or +> later beginning with 2026-02 Security Update. ## EXAMPLES 
@@ -103,8 +110,12 @@ Accept wildcard characters: False ### -ComputerName -Specifies a DNS server. -The acceptable values for this parameter are: an IP V4 address; an IP V6 address; any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name. +Specifies a DNS server. The acceptable values for this parameter are: + +- An IP V4 address +- An IP V6 address +- Any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host + name, or NETBIOS name. ```yaml Type: String diff --git a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md index 9d8bf38ff9..bca7133f21 100644 --- a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md @@ -1,5 +1,5 @@ --- -description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. +Learn how to enable or disable DNS over HTTPS (DoH) and configure URI templates for secure DNS queries using the Set-DnsServerEncryptionProtocol cmdlet. external help file: PS_DnsServerEncryptionProtocol_v1.0.0.cdxml-help.xml Module Name: DnsServer ms.date: 01/14/2026 @@ -11,7 +11,8 @@ title: Set-DnsServerEncryptionProtocol # Set-DnsServerEncryptionProtocol ## SYNOPSIS -Configures DNS server encryption protocol settings. +Configures DNS server encryption protocol settings for DNS over HTTPS (DoH) on Windows Server 2025 +or later. ## SYNTAX 
@@ -23,45 +24,62 @@ Set-DnsServerEncryptionProtocol -EnableDoh [-UriTemplate ] [-C ## DESCRIPTION -The **Set-DnsServerEncryptionProtocol** cmdlet modifies encryption settings on a Domain Name System (DNS) server to enable or disable DNS over HTTPS (DoH) protocol and configure URI templates for DNS queries. When DoH is enabled, DNS queries are encrypted over HTTPS, protecting them from eavesdropping and tampering. After modifying encryption settings, you must restart the DNS Server service for changes to take effect. Ensure that a valid SSL/TLS certificate is configured for the DNS server with the hostname(s) specified in the URI template(s). This cmdlet is available on Windows Server 2025 or later. +The `Set-DnsServerEncryptionProtocol` cmdlet modifies encryption settings on a Domain Name System +(DNS) server to enable or disable DNS over HTTPS (DoH) and configure URI templates for DNS +queries. When DoH is enabled, DNS queries are encrypted over HTTPS, protecting them from +eavesdropping and tampering. + +You must restart the DNS Server service for changes to take effect. Ensure that a valid SSL/TLS +certificate is configured for the DNS server with the hostname(s) specified in the URI template(s). + +> [!IMPORTANT] +> The `Get-DnsServerEncryptionProtocol` cmdlet is available on Windows Server 2025 or +> later beginning with 2026-02 Security Update. ## EXAMPLES ### Example 1: Enable DNS over HTTPS (DoH) with default URI template ```powershell -PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true -PS C:\> Restart-Service DNS +Set-DnsServerEncryptionProtocol -EnableDoh $true +Restart-Service DNS ``` -This command enables DNS over HTTPS (DoH) using the default URI template path `/dns-query`. When you don't specify the **UriTemplate** parameter, the DNS server uses a template based on the server's FQDN with the standard `/dns-query` path (for example, `https://dnsserver.contoso.com/dns-query`). 
+This example command enables DNS over HTTPS (DoH) using the default URI template path `/dns-query`. When +you don't specify the **UriTemplate** parameter, the DNS server uses a template based on the server's +FQDN with the standard `/dns-query` path (for example, `https://dnsserver.contoso.com/dns-query`). +The DNS service should be restarted for the changes to take effect. ### Example 2: Enable DNS over HTTPS (DoH) with a single URI template ```powershell -PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dnsserver.example.net/dns-query" -PS C:\> Restart-Service DNS +Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dnsserver.example.net/dns-query" +Restart-Service DNS ``` -This command enables DNS over HTTPS (DoH) on the DNS server with the specified URI template. The DNS service must be restarted for the changes to take effect. +In this example, you enables DNS over HTTPS (DoH) on the DNS server with the specified URI template. The +DNS service should be restarted for the changes to take effect. ### Example 3: Enable DNS over HTTPS (DoH) with multiple URI templates ```powershell -PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query" -PS C:\> Restart-Service DNS +Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query" +Restart-Service DNS ``` -This command configures DNS over HTTPS (DoH) with multiple URI templates separated by the pipe character (|) for redundancy and load distribution. A maximum of three URI templates can be specified. +In this example, the command configures DNS over HTTPS (DoH) with multiple URI templates separated +by the pipe character `|` for redundancy and load distribution. A maximum of three URI templates +can be specified. Finally, the DNS service should be restarted for the change to take effect. 
### Example 4: Disable DNS over HTTPS (DoH) ```powershell -PS C:\> Set-DnsServerEncryptionProtocol -EnableDoh $false -PS C:\> Restart-Service DNS +Set-DnsServerEncryptionProtocol -EnableDoh $false +Restart-Service DNS ``` -This command disables DNS over HTTPS (DoH) on the DNS server. All configured URI templates are automatically cleared. +In this example, the command disables DNS over HTTPS (DoH) on the DNS server and restarts the DNS service. +All configured URI templates are automatically cleared. ## PARAMETERS @@ -103,7 +121,12 @@ Accept wildcard characters: False ### -ComputerName -Specifies a DNS server. The acceptable values for this parameter are: an IPv4 address; an IPv6 address; any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name. +Specifies a DNS server. The acceptable values for this parameter are: + +- An IP V4 address +- An IP V6 address +- Any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host + name, or NETBIOS name. ```yaml @@ -136,7 +159,8 @@ Accept wildcard characters: False ### -EnableDoh -Specifies whether to enable or disable DNS over HTTPS (DoH) on the DNS server. Set to `$true` to enable DoH, or `$false` to disable it. When disabled, any configured URI templates are cleared. +Specifies whether to enable or disable DNS over HTTPS (DoH) on the DNS server. Set the value to `$true` to +enable DoH, or `$false` to disable it. When disabled, any configured URI templates are also cleared. ```yaml Type: Boolean 
@@ -200,11 +224,19 @@ Accept wildcard characters: False ### -UriTemplate -Specifies one or more URI templates for DNS over HTTPS (DoH) queries. If not specified when **EnableDoh** is set to `$true`, the DNS server uses a default URI template with the `/dns-query` path based on the server's fully qualified domain name (FQDN). +Specifies one or more URI templates for DNS over HTTPS (DoH) queries. If you don't specify a value when +**EnableDoh** is set to `$true`, the DNS server uses a default URI template with the `/dns-query` path +based on the server's fully qualified domain name (FQDN). -For a single URI template, specify `"https://dnsserver.example.net/dns-query"`. To provide multiple URI templates for redundancy and load balancing, specify them as **a single string** with templates separated by the pipe character (|): `"https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query"`. A maximum of three URI templates can be specified. +For a single URI template, specify `"https://dnsserver.example.net/dns-query"`. To provide multiple URI +templates for redundancy and load balancing, specify them as a single string with templates separated +by the pipe character `|`. For example, +`"https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query"`. A maximum of three +URI templates can be specified. -URI templates must be valid HTTPS URIs compliant with [RFC 3986, Uniform Resource Identifier (URI): Generic Syntax](https://datatracker.ietf.org/doc/html/rfc3986). Ensure that a valid SSL/TLS certificate is configured for the DNS server with the hostname(s) specified in the URI template(s). +URI templates must be valid HTTPS URIs compliant with [RFC 3986, Uniform Resource Identifier (URI): +Generic Syntax](https://datatracker.ietf.org/doc/html/rfc3986). Ensure that a valid SSL/TLS certificate is +configured for the DNS server with the hostname(s) specified in the URI template(s). ```yaml 
@@ -221,8 +253,7 @@ Accept wildcard characters: False ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. +Shows what would happen if the cmdlet runs. The cmdlet isn't run. ```yaml Type: SwitchParameter From 5356ffb1775df2aba569af8dd08bc90dcb2a748f Mon Sep 17 00:00:00 2001 From: sruthytv1988 <136442515+sruthytv1988@users.noreply.github.com> Date: Wed, 21 Jan 2026 00:45:19 +0530 Subject: [PATCH 6/9] corrected spaces, added set cmdlet output, corrected load balancing, --- .../Get-DnsServerEncryptionProtocol.md | 2 +- .../Set-DnsServerEncryptionProtocol.md | 88 +++++++++++++------ 2 files changed, 61 insertions(+), 29 deletions(-) diff --git a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md index 242d211a1c..ed8ff94818 100644 --- a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md @@ -110,7 +110,7 @@ Accept wildcard characters: False ### -ComputerName -Specifies a DNS server. The acceptable values for this parameter are: +Specifies a DNS server. The acceptable values for this parameter are: - An IP V4 address - An IP V6 address diff --git a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md index bca7133f21..b7d4021c0a 100644 --- a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md 
@@ -33,7 +33,7 @@ You must restart the DNS Server service for changes to take effect. Ensure that certificate is configured for the DNS server with the hostname(s) specified in the URI template(s). > [!IMPORTANT] -> The `Get-DnsServerEncryptionProtocol` cmdlet is available on Windows Server 2025 or +> The `Set-DnsServerEncryptionProtocol` cmdlet is available on Windows Server 2025 or > later beginning with 2026-02 Security Update. ## EXAMPLES 
@@ -42,44 +42,75 @@ certificate is configured for the DNS server with the hostname(s) specified in t ```powershell Set-DnsServerEncryptionProtocol -EnableDoh $true +``` + +```Output +WARNING: Modifying DOH setting will require restarting the DNS service. +``` + +```powershell Restart-Service DNS ``` -This example command enables DNS over HTTPS (DoH) using the default URI template path `/dns-query`. When -you don't specify the **UriTemplate** parameter, the DNS server uses a template based on the server's -FQDN with the standard `/dns-query` path (for example, `https://dnsserver.contoso.com/dns-query`). -The DNS service should be restarted for the changes to take effect. +In this example, the command enables DNS over HTTPS (DoH) using an implementation-specific default URI template. +When you don't specify the **UriTemplate** parameter, the Windows DNS server implementation +automatically configures a URI template based on the server's FQDN with the `/dns-query` path +(for example, `https://dnsserver.contoso.com/dns-query`). This default behavior is +implementation-specific and not defined by RFC 8484. The DNS service must be restarted for +the changes to take effect. ### Example 2: Enable DNS over HTTPS (DoH) with a single URI template ```powershell Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dnsserver.example.net/dns-query" +``` + +```Output +WARNING: Modifying DOH setting will require restarting the DNS service. +``` + +```powershell Restart-Service DNS ``` -In this example, you enables DNS over HTTPS (DoH) on the DNS server with the specified URI template. The -DNS service should be restarted for the changes to take effect. +In this example, the command enables DNS over HTTPS (DoH) on the DNS server with the specified URI template. +The DNS service must be restarted for the changes to take effect. 
### Example 3: Enable DNS over HTTPS (DoH) with multiple URI templates ```powershell Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query" +``` + +```Output +WARNING: Modifying DOH setting will require restarting the DNS service. +``` + +```powershell Restart-Service DNS ``` -In this example, the command configures DNS over HTTPS (DoH) with multiple URI templates separated -by the pipe character `|` for redundancy and load distribution. A maximum of three URI templates -can be specified. Finally, the DNS service should be restarted for the change to take effect. +In this example, the command configures DNS over HTTPS (DoH) with multiple URI templates separated by the pipe +character `|`. Multiple URI templates may be provisioned to allow client implementations to choose +among multiple DoH endpoints. A maximum of three URI templates can be specified. The DNS service +must be restarted for the changes to take effect. ### Example 4: Disable DNS over HTTPS (DoH) ```powershell Set-DnsServerEncryptionProtocol -EnableDoh $false +``` + +```Output +WARNING: Modifying DOH setting will require restarting the DNS service. +``` + +```powershell Restart-Service DNS ``` -In this example, the command disables DNS over HTTPS (DoH) on the DNS server and restarts the DNS service. -All configured URI templates are automatically cleared. +In this example, the command disables DNS over HTTPS (DoH) on the DNS server. When DoH is disabled, all configured +URI templates are automatically cleared. The DNS service must be restarted for the changes to take effect. ## PARAMETERS 
@@ -121,12 +152,12 @@ Accept wildcard characters: False ### -ComputerName -Specifies a DNS server. The acceptable values for this parameter are: +Specifies a DNS server. The acceptable values for this parameter are: -- An IP V4 address -- An IP V6 address -- Any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host - name, or NETBIOS name. +- An IP V4 address +- An IP V6 address +- Any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host + name, or NETBIOS name. ```yaml 
@@ -224,19 +255,20 @@ Accept wildcard characters: False ### -UriTemplate -Specifies one or more URI templates for DNS over HTTPS (DoH) queries. If you don't specify a value when -**EnableDoh** is set to `$true`, the DNS server uses a default URI template with the `/dns-query` path -based on the server's fully qualified domain name (FQDN). +Specifies one or more URI templates for DNS over HTTPS (DoH) queries. If you don't specify a value when +**EnableDoh** is set to `$true`, the Windows DNS server implementation uses a default URI template +with the `/dns-query` path based on the server's fully qualified domain name (FQDN). This default +behavior is implementation-specific and not defined by RFC 8484. -For a single URI template, specify `"https://dnsserver.example.net/dns-query"`. To provide multiple URI -templates for redundancy and load balancing, specify them as a single string with templates separated -by the pipe character `|`. For example, -`"https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query"`. A maximum of three -URI templates can be specified. +For a single URI template, specify `"https://dnsserver.example.net/dns-query"`. To provide multiple URI +templates, specify them as a single string with templates separated by the pipe character `|`. For +example, `"https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query"`. +Multiple URI templates may be provisioned to allow client implementations to choose among multiple +DoH endpoints. A maximum of three URI templates can be specified. -URI templates must be valid HTTPS URIs compliant with [RFC 3986, Uniform Resource Identifier (URI): -Generic Syntax](https://datatracker.ietf.org/doc/html/rfc3986). Ensure that a valid SSL/TLS certificate is -configured for the DNS server with the hostname(s) specified in the URI template(s). 
+URI templates must be valid HTTPS URIs compliant with [RFC 3986, Uniform Resource Identifier (URI): +Generic Syntax](https://datatracker.ietf.org/doc/html/rfc3986). Ensure that a valid SSL/TLS certificate is +configured for the DNS server with the hostname(s) specified in the URI template(s). ```yaml From 5e12293b1bd08ea6d01bdf7cb554235491745112 Mon Sep 17 00:00:00 2001 From: sruthytv1988 <136442515+sruthytv1988@users.noreply.github.com> Date: Tue, 27 Jan 2026 20:30:11 +0530 Subject: [PATCH 7/9] addressed review comments --- .../Get-DnsServerEncryptionProtocol.md | 4 ++- .../Set-DnsServerEncryptionProtocol.md | 36 ++++++++++--------- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md index ed8ff94818..9d10e7b6ad 100644 --- a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md @@ -131,7 +131,7 @@ Accept wildcard characters: False ### -PassThru -Returns an object representing the item with which you are working. By default, this cmdlet doesn't generate any output. +Returns an object representing the item with which you are working. ```yaml Type: Boolean @@ -175,6 +175,8 @@ You cannot pipe objects to this cmdlet. ### Microsoft.Management.Infrastructure.CimInstance#DnsServerEncryptionProtocol +This cmdlet returns a `DnsServerEncryptionProtocol` object that represents the updated encryption protocol settings on the DNS server. + ## NOTES ## RELATED LINKS diff --git a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md index b7d4021c0a..375cdfa307 100644 --- a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md 
@@ -52,12 +52,7 @@ WARNING: Modifying DOH setting will require restarting the DNS service. Restart-Service DNS ``` -In this example, the command enables DNS over HTTPS (DoH) using an implementation-specific default URI template. -When you don't specify the **UriTemplate** parameter, the Windows DNS server implementation -automatically configures a URI template based on the server's FQDN with the `/dns-query` path -(for example, `https://dnsserver.contoso.com/dns-query`). This default behavior is -implementation-specific and not defined by RFC 8484. The DNS service must be restarted for -the changes to take effect. +In this example, the command enables DNS over HTTPS (DoH). When you don't specify the **UriTemplate** parameter, the DNS server automatically generates a URI template based on the server's FQDN with the `/dns-query` path (for example, `https://dnsserver.contoso.com/dns-query`). The DNS service must be restarted for the changes to take effect. ### Example 2: Enable DNS over HTTPS (DoH) with a single URI template @@ -223,7 +218,7 @@ Accept wildcard characters: False ### -PassThru -Returns an object representing the item with which you are working. By default, this cmdlet doesn't generate any output. +Returns an object representing the item with which you are working. ```yaml Type: Boolean 
@@ -255,20 +250,21 @@ Accept wildcard characters: False ### -UriTemplate -Specifies one or more URI templates for DNS over HTTPS (DoH) queries. If you don't specify a value when -**EnableDoh** is set to `$true`, the Windows DNS server implementation uses a default URI template -with the `/dns-query` path based on the server's fully qualified domain name (FQDN). This default -behavior is implementation-specific and not defined by RFC 8484. +Specifies one or more URI templates for DNS over HTTPS (DoH) queries. -For a single URI template, specify `"https://dnsserver.example.net/dns-query"`. To provide multiple URI -templates, specify them as a single string with templates separated by the pipe character `|`. For -example, `"https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query"`. +URI template(s) must be valid HTTPS URIs compliant with [RFC 3986, Uniform Resource Identifier (URI): +Generic Syntax](https://datatracker.ietf.org/doc/html/rfc3986). Ensure that a valid SSL/TLS certificate is +configured for the DNS server with the hostname(s) specified in the URI template(s). + +For a single URI template, specify a valid HTTPS URI (for example, `"https://dnsserver.example.net/dns-query"`). +For multiple URI templates, separate them with the pipe character `|` (for example, +`"https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query"`). Multiple URI templates may be provisioned to allow client implementations to choose among multiple DoH endpoints. A maximum of three URI templates can be specified. -URI templates must be valid HTTPS URIs compliant with [RFC 3986, Uniform Resource Identifier (URI): -Generic Syntax](https://datatracker.ietf.org/doc/html/rfc3986). Ensure that a valid SSL/TLS certificate is -configured for the DNS server with the hostname(s) specified in the URI template(s). 
+If you don't specify a value when **EnableDoh** is set to `$true`, the DNS server automatically generates a +URI template using the format `https:///dns-query`, where `` is the server's fully qualified domain name. +For example, if your DNS server's FQDN is `dns1.contoso.com`, the template will be `https://dns1.contoso.com/dns-query`. ```yaml @@ -305,10 +301,16 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS +### None + +You cannot pipe objects to this cmdlet. + ## OUTPUTS ### Microsoft.Management.Infrastructure.CimInstance#DnsServerEncryptionProtocol +This cmdlet returns a `DnsServerEncryptionProtocol` object that represents the updated encryption protocol settings on the DNS server. + ## NOTES ## RELATED LINKS From 6593ec60070e3384a875fac972f3dab9c9e4d808 Mon Sep 17 00:00:00 2001 From: robinharwood <19212983+robinharwood@users.noreply.github.com> Date: Mon, 9 Feb 2026 11:08:10 +0000 Subject: [PATCH 8/9] Updated line formatting for DnsServerEncryptionProtocol commands --- .../Get-DnsServerEncryptionProtocol.md | 35 ++++--- .../Set-DnsServerEncryptionProtocol.md | 98 +++++++++++++------ 2 files changed, 89 insertions(+), 44 deletions(-) diff --git a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md index 9d10e7b6ad..e6cb539a7a 100644 --- a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md 
@@ -69,14 +69,16 @@ server. ### -AsJob -Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. +Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to +complete. -The cmdlet immediately returns an object that represents the job and then displays the command prompt. -You can continue to work in the session while the job completes. -To manage the job, use the `*-Job` cmdlets. -To get the job results, use the [Receive-Job](https://go.microsoft.com/fwlink/?LinkID=113372) cmdlet. +The cmdlet immediately returns an object that represents the job and then displays the command +prompt. You can continue to work in the session while the job completes. To manage the job, use the +`*-Job` cmdlets. To get the job results, use the +[Receive-Job](https://go.microsoft.com/fwlink/?LinkID=113372) cmdlet. -For more information about Windows PowerShell background jobs, see [about_Jobs](https://go.microsoft.com/fwlink/?LinkID=113251). +For more information about Windows PowerShell background jobs, see +[about_Jobs](https://go.microsoft.com/fwlink/?LinkID=113251). ```yaml Type: SwitchParameter @@ -92,9 +94,10 @@ Accept wildcard characters: False ### -CimSession -Runs the cmdlet in a remote session or on a remote computer. -Enter a computer name or a session object, such as the output of a [New-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227967) or [Get-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227966) cmdlet. -The default is the current session on the local computer. +Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session +object, such as the output of a [New-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227967) +or [Get-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227966) cmdlet. The default is the +current session on the local computer. ```yaml Type: CimSession[] 
@@ -147,7 +150,11 @@ Accept wildcard characters: False ### -ThrottleLimit -Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of `0` is entered, then Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer. +Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If +this parameter is omitted or a value of `0` is entered, then Windows PowerShell calculates an +optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the +computer. The throttle limit applies only to the current cmdlet, not to the session or to the +computer. ```yaml Type: Int32 @@ -163,7 +170,10 @@ Accept wildcard characters: False ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS 
@@ -175,7 +185,8 @@ You cannot pipe objects to this cmdlet. ### Microsoft.Management.Infrastructure.CimInstance#DnsServerEncryptionProtocol -This cmdlet returns a `DnsServerEncryptionProtocol` object that represents the updated encryption protocol settings on the DNS server. +This cmdlet returns a `DnsServerEncryptionProtocol` object that represents the updated encryption +protocol settings on the DNS server. ## NOTES diff --git a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md index 375cdfa307..0bb20385e7 100644 --- a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md @@ -52,12 +52,19 @@ WARNING: Modifying DOH setting will require restarting the DNS service. Restart-Service DNS ``` -In this example, the command enables DNS over HTTPS (DoH). When you don't specify the **UriTemplate** parameter, the DNS server automatically generates a URI template based on the server's FQDN with the `/dns-query` path (for example, `https://dnsserver.contoso.com/dns-query`). The DNS service must be restarted for the changes to take effect. +In this example, the command enables DNS over HTTPS (DoH). When you don't specify the +**UriTemplate** parameter, the DNS server automatically generates a URI template based on the +server's FQDN with the `/dns-query` path (for example, `https://dnsserver.contoso.com/dns-query`). +The DNS service must be restarted for the changes to take effect. ### Example 2: Enable DNS over HTTPS (DoH) with a single URI template ```powershell -Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dnsserver.example.net/dns-query" +$params = @{ + EnableDoh = $true + UriTemplate = "https://dnsserver.example.net/dns-query" +} +Set-DnsServerEncryptionProtocol @params ``` ```Output 
@@ -68,13 +75,19 @@ WARNING: Modifying DOH setting will require restarting the DNS service. Restart-Service DNS ``` -In this example, the command enables DNS over HTTPS (DoH) on the DNS server with the specified URI template. -The DNS service must be restarted for the changes to take effect. +In this example, the command enables DNS over HTTPS (DoH) on the DNS server with the specified URI +template. The DNS service must be restarted for the changes to take effect. This example uses +splatting to pass parameter values from the `$Parameters` variable to the command. Learn more about +[Splatting](/powershell/module/microsoft.powershell.core/about/about_splatting). ### Example 3: Enable DNS over HTTPS (DoH) with multiple URI templates ```powershell -Set-DnsServerEncryptionProtocol -EnableDoh $true -UriTemplate "https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query" +$params = @{ + EnableDoh = $true + UriTemplate = "https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query" +} +Set-DnsServerEncryptionProtocol @params ``` ```Output 
@@ -85,10 +98,13 @@ WARNING: Modifying DOH setting will require restarting the DNS service. Restart-Service DNS ``` -In this example, the command configures DNS over HTTPS (DoH) with multiple URI templates separated by the pipe -character `|`. Multiple URI templates may be provisioned to allow client implementations to choose -among multiple DoH endpoints. A maximum of three URI templates can be specified. The DNS service -must be restarted for the changes to take effect. +In this example, the command configures DNS over HTTPS (DoH) with multiple URI templates separated +by the pipe character `|`. Multiple URI templates may be provisioned to allow client implementations +to choose among multiple DoH endpoints. A maximum of three URI templates can be specified. The DNS +service must be restarted for the changes to take effect. + +This example uses splatting to pass parameter values from the `$Parameters` variable to the command. +Learn more about [Splatting](/powershell/module/microsoft.powershell.core/about/about_splatting). ### Example 4: Disable DNS over HTTPS (DoH) 
@@ -104,18 +120,24 @@ WARNING: Modifying DOH setting will require restarting the DNS service. Restart-Service DNS ``` -In this example, the command disables DNS over HTTPS (DoH) on the DNS server. When DoH is disabled, all configured -URI templates are automatically cleared. The DNS service must be restarted for the changes to take effect. +In this example, the command disables DNS over HTTPS (DoH) on the DNS server. When DoH is disabled, +all configured URI templates are automatically cleared. The DNS service must be restarted for the +changes to take effect. ## PARAMETERS ### -AsJob -Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. +Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to +complete. -The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the `*-Job` cmdlets. To get the job results, use the [Receive-Job](https://go.microsoft.com/fwlink/?LinkID=113372) cmdlet. +The cmdlet immediately returns an object that represents the job and then displays the command +prompt. You can continue to work in the session while the job completes. To manage the job, use the +`*-Job` cmdlets. To get the job results, use the +[Receive-Job](https://go.microsoft.com/fwlink/?LinkID=113372) cmdlet. -For more information about Windows PowerShell background jobs, see [about_Jobs](https://go.microsoft.com/fwlink/?LinkID=113251). +For more information about Windows PowerShell background jobs, see +[about_Jobs](https://go.microsoft.com/fwlink/?LinkID=113251). ```yaml Type: SwitchParameter 
@@ -131,7 +153,9 @@ Accept wildcard characters: False ### -CimSession -Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer. +Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session +object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current +session on the local computer. ```yaml Type: CimSession[] @@ -154,7 +178,6 @@ Specifies a DNS server. The acceptable values for this parameter are: - Any other value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name. - ```yaml Type: String Parameter Sets: (All) @@ -185,8 +208,9 @@ Accept wildcard characters: False ### -EnableDoh -Specifies whether to enable or disable DNS over HTTPS (DoH) on the DNS server. Set the value to `$true` to -enable DoH, or `$false` to disable it. When disabled, any configured URI templates are also cleared. +Specifies whether to enable or disable DNS over HTTPS (DoH) on the DNS server. Set the value to +`$true` to enable DoH, or `$false` to disable it. When disabled, any configured URI templates are +also cleared. ```yaml Type: Boolean 
@@ -234,7 +258,11 @@ Accept wildcard characters: False ### -ThrottleLimit -Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of `0` is entered, then Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer. +Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If +this parameter is omitted or a value of `0` is entered, then Windows PowerShell calculates an +optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the +computer. The throttle limit applies only to the current cmdlet, not to the session or to the +computer. ```yaml Type: Int32 
@@ -252,19 +280,21 @@ Accept wildcard characters: False Specifies one or more URI templates for DNS over HTTPS (DoH) queries. -URI template(s) must be valid HTTPS URIs compliant with [RFC 3986, Uniform Resource Identifier (URI): -Generic Syntax](https://datatracker.ietf.org/doc/html/rfc3986). Ensure that a valid SSL/TLS certificate is -configured for the DNS server with the hostname(s) specified in the URI template(s). +URI template(s) must be valid HTTPS URIs compliant with [RFC 3986, Uniform Resource Identifier +(URI): Generic Syntax](https://datatracker.ietf.org/doc/html/rfc3986). Ensure that a valid SSL/TLS +certificate is configured for the DNS server with the hostname(s) specified in the URI template(s). -For a single URI template, specify a valid HTTPS URI (for example, `"https://dnsserver.example.net/dns-query"`). -For multiple URI templates, separate them with the pipe character `|` (for example, -`"https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query"`). -Multiple URI templates may be provisioned to allow client implementations to choose among multiple -DoH endpoints. A maximum of three URI templates can be specified. +For a single URI template, specify a valid HTTPS URI (for example, +`"https://dnsserver.example.net/dns-query"`). For multiple URI templates, separate them with the +pipe character `|` (for example, +`"https://dnsserver.example.net/dns-query|https://dnsserver2.example.net/dns-query"`). Multiple URI +templates may be provisioned to allow client implementations to choose among multiple DoH endpoints. +A maximum of three URI templates can be specified. -If you don't specify a value when **EnableDoh** is set to `$true`, the DNS server automatically generates a -URI template using the format `https:///dns-query`, where `` is the server's fully qualified domain name. -For example, if your DNS server's FQDN is `dns1.contoso.com`, the template will be `https://dns1.contoso.com/dns-query`. 
+If you don't specify a value when **EnableDoh** is set to `$true`, the DNS server automatically +generates a URI template using the format `https:///dns-query`, where `` +is the server's fully qualified domain name. For example, if your DNS server's FQDN is +`dns1.contoso.com`, the template will be `https://dns1.contoso.com/dns-query`. ```yaml @@ -297,7 +327,10 @@ Accept wildcard characters: False ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, +-WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -309,7 +342,8 @@ You cannot pipe objects to this cmdlet. ### Microsoft.Management.Infrastructure.CimInstance#DnsServerEncryptionProtocol -This cmdlet returns a `DnsServerEncryptionProtocol` object that represents the updated encryption protocol settings on the DNS server. +This cmdlet returns a `DnsServerEncryptionProtocol` object that represents the updated encryption +protocol settings on the DNS server. ## NOTES From ee6f2493dd73d41c92e02612df30e277373c59cf Mon Sep 17 00:00:00 2001 From: Robin Harwood <19212983+robinharwood@users.noreply.github.com> Date: Tue, 10 Feb 2026 13:01:47 +0000 Subject: [PATCH 9/9] Minor update and ms.date refreshed --- .../DnsServer/Get-DnsServerEncryptionProtocol.md | 6 ++++-- .../DnsServer/Set-DnsServerEncryptionProtocol.md | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md index e6cb539a7a..8d602443f6 100644 --- a/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Get-DnsServerEncryptionProtocol.md @@ -2,7 +2,7 @@ description: Learn how to retrieve DNS over HTTPS (DoH) settings using the Get-DnsServerEncryptionProtocol cmdlet in Windows PowerShell for Windows Server 2025 and later. external help file: PS_DnsServerEncryptionProtocol_v1.0.0.cdxml-help.xml Module Name: DnsServer -ms.date: 01/14/2026 +ms.date: 02/10/2026 online version: https://learn.microsoft.com/powershell/module/dnsserver/get-dnsserverencryptionprotocol?view=windowsserver2025-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Get-DnsServerEncryptionProtocol @@ -25,7 +25,9 @@ Get-DnsServerEncryptionProtocol [-ComputerName ] [-PassThru ] [ The `Get-DnsServerEncryptionProtocol` cmdlet can be used to verify the current DoH configuration on a DNS server. The cmdlet retrieves the current settings as an object with the properties **EnableDoh** and **UriTemplate** to indicate whether DoH is enabled and the configured URI -templates for DNS queries over HTTPS. +templates for DNS queries over HTTPS. The cmdlet retrieves the persistent encryption protocol +settings. Changes made using `Set-DnsServerEncryptionProtocol` require a DNS server restart to take +effect before being retrieved. > [!IMPORTANT] > The `Get-DnsServerEncryptionProtocol` cmdlet is available on Windows Server 2025 or diff --git a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md index 0bb20385e7..e548bf9ff0 100644 --- a/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md +++ b/docset/winserver2025-ps/DnsServer/Set-DnsServerEncryptionProtocol.md 
@@ -2,7 +2,7 @@ Learn how to enable or disable DNS over HTTPS (DoH) and configure URI templates for secure DNS queries using the Set-DnsServerEncryptionProtocol cmdlet. external help file: PS_DnsServerEncryptionProtocol_v1.0.0.cdxml-help.xml Module Name: DnsServer -ms.date: 01/14/2026 +ms.date: 02/10/2026 online version: https://learn.microsoft.com/powershell/module/dnsserver/set-dnsserverencryptionprotocol?view=windowsserver2025-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Set-DnsServerEncryptionProtocol
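Review bot: In PATCH 7/9, hunks `@@ -131,7 +131,7 @@` (Get-DnsServerEncryptionProtocol.md) and `@@ -223,7 +218,7 @@` (Set-DnsServerEncryptionProtocol.md), removing "By default, this cmdlet doesn't generate any output" leaves **-PassThru** with no statement of what it changes, while the OUTPUTS text added in the same commit says both cmdlets return a `DnsServerEncryptionProtocol` object. Say in the parameter description what is emitted with and without **-PassThru**, or state that the parameter has no effect on the Get cmdlet if that is the case.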
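Review bot: In PATCH 7/9, Get-DnsServerEncryptionProtocol.md, the OUTPUTS sentence added in hunk `@@ -175,6 +175,8 @@` says the object "represents the updated encryption protocol settings", which is the same sentence this commit adds to the Set cmdlet. A Get cmdlet changes nothing, so use "current" here. The sentence is carried unchanged through the reflow in PATCH 8/9 (`@@ -175,7 +185,8 @@`) and needs the same fix there.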
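Review bot: In PATCH 7/9, Set-DnsServerEncryptionProtocol.md, hunk `@@ -255,20 +250,21 @@`, the certificate requirement is worded only for "the hostname(s) specified in the URI template(s)", and the default-template paragraph that now closes the section does not mention certificates at all. When **UriTemplate** is omitted nothing is specified, so add a sentence to the default paragraph saying the server's TLS certificate has to cover the FQDN used in the generated template. The hunk also drops the statement that the default is implementation-specific and not defined by RFC 8484; if that removal is intended, confirm the page still tells operators which template clients must be provisioned with.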
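Review bot: In PATCH 8/9, Set-DnsServerEncryptionProtocol.md, the text added under Example 2 (hunk `@@ -68,13 +75,19 @@`) and Example 3 (hunk `@@ -85,10 +98,13 @@`) says the values are splatted from the `$Parameters` variable, but the code blocks in both examples define and splat `$params`. Change the prose to `$params`, or rename the variable in both code blocks, so the description matches the command a reader will copy.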
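Review bot: In PATCH 9/9, Get-DnsServerEncryptionProtocol.md, hunk `@@ -25,7 +25,9 @@`, the two added sentences leave it unclear what an operator sees between running `Set-DnsServerEncryptionProtocol` and restarting: "persistent encryption protocol settings" reads as the stored configuration, while "require a DNS server restart to take effect before being retrieved" reads as the running state. State which of the two the cmdlet returns, since this is the command the page recommends for verifying DoH configuration, and say "DNS service restart" to match the `Restart-Service DNS` guidance in the Set examples, because "DNS server restart" can be read as a reboot. The paragraph also now has two consecutive sentences beginning "The cmdlet retrieves", which can be merged.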