caption: Specify URI template of desired DNS-over-HTTPS resolver with identity information
desc: |-
The URI template of the desired DNS-over-HTTPS resolver. To specify multiple DNS-over-HTTPS resolvers, separate the corresponding URI templates with spaces. This policy is very similar to <ph name="DOH_TEMPLATES_POLICY_NAME">DnsOverHttpsTemplates</ph> which it will override if specified.
In contrast to the <ph name="DOH_TEMPLATES_POLICY_NAME">DnsOverHttpsTemplates</ph> policy, this policy supports specifying identity information.
Identifiers are specified using variable placeholders which are replaced with user or device information in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>. The identifiers are not sent to the DNS server in plain text; instead they are hashed with the <ph name="SHA256">SHA-256</ph> algorithm and uppercase hex encoded.
Identifiers are specified between curly brackets, preceded by the dollar sign. For user identification, use the following placeholders <ph name="USER_EMAIL">USER_EMAIL</ph>, <ph name="USER_EMAIL_DOMAIN">USER_EMAIL_DOMAIN</ph> and <ph name="USER_EMAIL_NAME">USER_EMAIL_NAME</ph>. For device identification, use the following placeholders <ph name="DEVICE_DIRECTORY_ID">DEVICE_DIRECTORY_ID</ph>, <ph name="DEVICE_SERIAL_NUMBER">DEVICE_SERIAL_NUMBER</ph>, <ph name="DEVICE_ASSET_ID">DEVICE_ASSET_ID</ph> and <ph name="DEVICE_ANNOTATED_LOCATION">DEVICE_ANNOTATED_LOCATION</ph>.
Before version 122, device identifiers were not replaced for unaffiliated users. Starting version 122, the device placeholders are replaced with the value <ph name="DEVICE_NOT_MANAGED">DEVICE_NOT_MANAGED</ph>, which is hashed and hex encoded.
Starting version 125, the device ip addresses can be added as template URI using the placeholder <ph name="DEVICE_IP_ADDRESSES">DEVICE_IP_ADDRESSES</ph>. This placeholder will be replaced by a hex string representing the network byte order of the IPv4 address and/or IPv6 address associated with the current network, if the network is managed by policy.
The IPv4 address is prefixed with the value 0010; the IPv6 address is prefixed with 0020. For dual-stack networks, both the IPv4 and IPv6 addresses will be used for the placeholder replacement. Multiple addresses are added consecutively, without a delimiter. For unaffiliated users, the replacement only happens if the network is managed by user policy. If the IP addresses placeholder cannot be replaced by the device IP address, it is replaced with an empty string.
If the <ph name="DOH_MODE_POLICY_NAME">DnsOverHttpsMode</ph> is set to <ph name="SECURE_DNS_MODE_SECURE">"secure"</ph> then either this policy or <ph name="DOH_TEMPLATES_POLICY_NAME">DnsOverHttpsTemplates</ph> must be set and not empty.
If the <ph name="DOH_MODE_POLICY_NAME">DnsOverHttpsMode</ph> is set to <ph name="SECURE_DNS_MODE_AUTOMATIC">"automatic"</ph> and this policy is set then the URI templates specified will be used; if this policy is unset then hardcoded mappings will be used to attempt to upgrade the users current DNS resolver to a DoH resolver operated by the same provider.
If the URI template contains a <ph name="HTTP_VARIABLE_DNS">dns</ph> variable, requests to the resolver will use <ph name="HTTP_METHOD_GET">GET</ph>; otherwise requests will use <ph name="HTTP_METHOD_POST">POST</ph>.
In version 114 and later, <ph name="DOH_SALT_POLICY_NAME">DnsOverHttpsSalt</ph> is optional if this policy is set.
example_value: https://dns.example.net/${USER_EMAIL_DOMAIN}/dns-query{?dns}
features:
dynamic_refresh: true
per_profile: false
supported_on:
- chrome_os:110-
owners:
- [email protected]
- [email protected]
schema:
type: string
tags: []
type: string
Codebase Browser
chromium