WinSecureDNSMgr module update v0.0.4

Added a fifth option for domain name resolution that falls back to system DNS if all other options fail.
Set-DOH and Set-CDOH now remove the scheduled task created by Set-DDOH if it exists.
Enhanced the code to handle cases where the server returns more than two IP addresses.

README.md

@@ -120,7 +120,9 @@ That means it will detect the correct network adapter/interface even if you are
 
 <img src="https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/images/WebP/911587042608156732.webp" width="20"> If 3rd one fails, tries using Google's secondary encrypted API to get the IP address(s) of the DoH server's domain.
 
-<img src="https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/images/WebP/911587042608156732.webp" width="30"> All of the connections to Cloudflare and Google servers use direct IP, are set to use [TLS 1.3](https://curl.se/docs/manpage.html#--tls13-ciphers) with [TLS_CHACHA20_POLY1305_SHA256](https://curl.se/docs/ssl-ciphers.html) cipher suite and use `HTTP/2`
+<img src="https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/images/WebP/911587042608156732.webp" width="20"> if 4th one fails, tries using any system DNS that is available to get the IP address(s) of the DoH server's domain.
+
+<img src="https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/images/WebP/911587042608156732.webp" width="30"> All of the connections to Cloudflare and Google servers use direct IP, are set to use [TLS 1.3](https://curl.se/docs/manpage.html#--tls13-ciphers) with [TLS_CHACHA20_POLY1305_SHA256](https://curl.se/docs/ssl-ciphers.html) cipher suite and use `HTTP/2`, with the exception of the last try which uses system DNS.
 
 <br>
 

WinSecureDNSMgr/CommonResources.psm1

@@ -1,3 +1,10 @@
+# Functions for custom color writing
+function WriteViolet { Write-Host "$($PSStyle.Foreground.FromRGB(153,0,255))$($args[0])$($PSStyle.Reset)" -NoNewline }
+function WritePink { Write-Host "$($PSStyle.Foreground.FromRGB(255,0,230))$($args[0])$($PSStyle.Reset)" -NoNewline }
+function WriteLavender { Write-Host "$($PSStyle.Foreground.FromRgb(255,179,255))$($args[0])$($PSStyle.Reset)" -NoNewline }
+function WriteTeaGreen { Write-Host "$($PSStyle.Foreground.FromRgb(133, 222, 119))$($args[0])$($PSStyle.Reset)" -NoNewline }
+
+
 function Select-Option {
     param(
         [parameter(Mandatory = $true, Position = 0)][string]$Message,
@@ -29,7 +36,11 @@ Function Invoke-cURL {
     $IPs = ( $IPs | ConvertFrom-Json).answer.data
     return $IPs
 }
-
+
+
+# Explicitly defining array type variable to store IP addresses
+$NewIPsV4 = @()
+
 Function Get-IPv4DoHServerIPAddressWinSecureDNSMgr {
     param ($domain)
 
@@ -49,8 +60,15 @@ Function Get-IPv4DoHServerIPAddressWinSecureDNSMgr {
         Write-Host "Third try failed, now using the second Encrypted Google API to to get IPv4s for $domain" -ForegroundColor DarkRed
         $NewIPsV4 = Invoke-cURL "https://8.8.4.4/resolve?name=$domain&type=A"
     }
+    if (!$NewIPsV4) {
+        Write-Host "Fourth try failed, using any available system DNS to get the IPv4s for $domain" -ForegroundColor Magenta
+        $NewIPsV4 = (Resolve-DnsName -Type A -Name "$domain" -NoHostsFile).ipaddress    
+    }
 
     if ($NewIPsV4) {
+        if ($NewIPsV4.count -gt 2) {
+            $NewIPsV4 = $NewIPsV4 | Select-Object -First 2
+        }  
         return $NewIPsV4
     }
     else {
@@ -59,6 +77,9 @@ Function Get-IPv4DoHServerIPAddressWinSecureDNSMgr {
     } 
 }
 
+# Explicitly defining array type variable to store IP addresses
+$NewIPsV6 = @()
+
 Function Get-IPv6DoHServerIPAddressWinSecureDNSMgr {
     param ($domain)
 
@@ -78,8 +99,16 @@ Function Get-IPv6DoHServerIPAddressWinSecureDNSMgr {
         Write-Host "Third try failed, now using the second Encrypted Google API to to get IPv6s for $domain" -ForegroundColor DarkRed
         $NewIPsV6 = Invoke-cURL "https://8.8.4.4/resolve?name=$domain&type=AAAA"
     }
+    if (!$NewIPsV6) {
+        Write-Host "Fourth try failed, using any available system DNS to get the IPv6s for $domain" -ForegroundColor Magenta
+        $NewIPsV6 = (Resolve-DnsName -Type AAAA -Name "$domain" -NoHostsFile).ipaddress   
+    }
 
     if ($NewIPsV6) {
+        # in case server had more than 2 IP addresses
+        if ($NewIPsV6.count -gt 2) {
+            $NewIPsV6 = $NewIPsV6 | Select-Object -First 2
+        }        
         return $NewIPsV6
     }
     else {
@@ -88,8 +117,3 @@ Function Get-IPv6DoHServerIPAddressWinSecureDNSMgr {
     }
 }
 
-# Functions for custom color writing
-function WriteViolet { Write-Host "$($PSStyle.Foreground.FromRGB(153,0,255))$($args[0])$($PSStyle.Reset)" -NoNewline }
-function WritePink { Write-Host "$($PSStyle.Foreground.FromRGB(255,0,230))$($args[0])$($PSStyle.Reset)" -NoNewline }
-function WriteLavender { Write-Host "$($PSStyle.Foreground.FromRgb(255,179,255))$($args[0])$($PSStyle.Reset)" -NoNewline }
-function WriteTeaGreen { Write-Host "$($PSStyle.Foreground.FromRgb(133, 222, 119))$($args[0])$($PSStyle.Reset)" -NoNewline }

WinSecureDNSMgr/Set-BuiltInWinSecureDNS.psm1

@@ -93,6 +93,15 @@ Function Set-BuiltInWinSecureDNS {
         Clear-DnsClientCache
 
         Write-Host "`nDNS over HTTPS (DoH) is now configured for $($ActiveNetworkInterface.Name) using $DoHProvider provider.`n" -ForegroundColor Green
+
+        # Define the name and path of the task
+        $taskName = "Dynamic DoH Server IP check"
+        $taskPath = "\DDoH\"
+
+        # Try to get the Dynamic DoH task and delete it if it exists
+        if (Get-ScheduledTask -TaskName $taskName -TaskPath $taskPath -ErrorAction SilentlyContinue) {
+            Unregister-ScheduledTask -TaskName $taskName -TaskPath $taskPath -Confirm:$false
+        }    
     }
 
     <#

WinSecureDNSMgr/Set-CustomWinSecureDNS.psm1

@@ -142,6 +142,15 @@ function Set-CustomWinSecureDNS {
         Clear-DnsClientCache
 
         Write-Host "`nDNS over HTTPS has been successfully configured for $($ActiveNetworkInterface.Name) using $DoHTemplate template.`n" -ForegroundColor Green
+
+        # Define the name and path of the task
+        $taskName = "Dynamic DoH Server IP check"
+        $taskPath = "\DDoH\"
+
+        # Try to get the Dynamic DoH task and delete it if it exists
+        if (Get-ScheduledTask -TaskName $taskName -TaskPath $taskPath -ErrorAction SilentlyContinue) {
+            Unregister-ScheduledTask -TaskName $taskName -TaskPath $taskPath -Confirm:$false
+        }  
     }
     <#
 .SYNOPSIS

WinSecureDNSMgr/Set-DynamicIPDoHServer.psm1

@@ -48,7 +48,7 @@ function Set-DynamicIPDoHServer {
       # Hyper-V assigns a new GUID to it, so it's better not to leave any leftover in the registry and clean up after ourselves
       Remove-item "HKLM:System\CurrentControlSet\Services\Dnscache\InterfaceSpecificParameters\*" -Recurse
 
-      $NewIPsV4 = Get-IPv4DoHServerIPAddressWinSecureDNSMgr -Domain $domain
+      [string[]]$NewIPsV4 = Get-IPv4DoHServerIPAddressWinSecureDNSMgr -Domain $domain
 
       # loop through each IPv4
       $NewIPsV4 | foreach-Object {
@@ -62,7 +62,7 @@ function Set-DynamicIPDoHServer {
         New-ItemProperty -Path $Path -Name "DohFlags" -Value 1 -PropertyType Qword -Force
       }
 
-      $NewIPsV6 = Get-IPv6DoHServerIPAddressWinSecureDNSMgr -Domain $domain
+      [string[]]$NewIPsV6 = Get-IPv6DoHServerIPAddressWinSecureDNSMgr -Domain $domain
 
       # loop through each IPv6
       $NewIPsV6 | foreach-Object {
@@ -77,7 +77,7 @@ function Set-DynamicIPDoHServer {
       }
 
       # gather IPv4s and IPv6s all in one place
-      $NewIPs = $NewIPsV4 + $NewIPsV6
+      [string[]]$NewIPs = $NewIPsV4 + $NewIPsV6
 
       # this is responsible for making the changes in Windows settings UI > Network and internet > $ActiveNetworkInterface.Name
       Set-DnsClientServerAddress -ServerAddresses $NewIPs -InterfaceIndex $ActiveNetworkInterface.ifIndex -ErrorAction Stop
@@ -86,7 +86,7 @@ function Set-DynamicIPDoHServer {
     }
 
     catch {
-      Write-host "these errors occured after running the module" -ForegroundColor white
+      Write-host "These errors occured after running the module" -ForegroundColor white
       $_
       $ModuleErrors = $_ 
     }

WinSecureDNSMgr/WinSecureDNSMgr.psd1

@@ -12,7 +12,7 @@
     RootModule           = 'WinSecureDNSMgr.psm1'
 
     # Version number of this module.
-    ModuleVersion        = '0.0.3'
+    ModuleVersion        = '0.0.4'
 
     # Supported PSEditions
     CompatiblePSEditions = @("Core")
@@ -56,6 +56,7 @@ It can automatically identify the correct and active network adapter/interface a
 ✅  - If 1st one fails, tries using the Cloudflare's secondary encrypted API to get the IP address(s) of the DoH server's domain.
 ✅  - If 2nd one fails, tries using Google's main encrypted API to get the IP address(s) of the DoH server's domain.
 ✅  - If 3rd one fails, tries using Google's secondary encrypted API to get the IP address(s) of the DoH server's domain.
+✅  - if 4th one fails, tries using any system DNS that is available to get the IP address(s) of the DoH server's domain.
 
 ✅ All of the connections to Cloudflare and Google servers use direct IP, are set to use TLS 1.3 with TLS_CHACHA20_POLY1305_SHA256 cipher suite and use HTTP/2
 
@@ -150,6 +151,12 @@ https://github.com/HotCakeX/WinSecureDNSMgr
 
             # ReleaseNotes of this module
             ReleaseNotes = @"
+
+# Version 0.0.4
+Added a fifth option for domain name resolution that falls back to system DNS if all other options fail.
+Set-DOH and Set-CDOH now remove the scheduled task created by Set-DDOH if it exists.
+Enhanced the code to handle cases where the server returns more than two IP addresses.
+
 # Version 0.0.3
 Simplified Set-CDOH function by automating a parameter, Streamlined the code, added custom colors to adapter selection area.