DnsOverHttpsTemplatesWithIdentifiers

The URI template of the desired DNS-over-HTTPS resolver. To specify multiple DNS-over-HTTPS resolvers, separate the corresponding URI templates with spaces. This policy is very similar to DnsOverHttpsTemplates which it will override if specified. In contrast to the DnsOverHttpsTemplates policy, this policy supports specifying identity information. Identifiers are specified using variable placeholders which are replaced with user or device information in Google Chrome. The identifiers are not sent to the DNS server in plain text; instead they are hashed with the SHA-256 algorithm and uppercase hex encoded. Identifiers are specified between curly brackets, preceded by the dollar sign. For user identification, use the following placeholders USER_EMAIL, USER_EMAIL_DOMAIN and USER_EMAIL_NAME. For device identification, use the following placeholders DEVICE_DIRECTORY_ID, DEVICE_SERIAL_NUMBER, DEVICE_ASSET_ID and DEVICE_ANNOTATED_LOCATION. Before version 122, device identifiers were not replaced for unaffiliated users. Starting version 122, the device placeholders are replaced with the value DEVICE_NOT_MANAGED, which is hashed and hex encoded. Starting version 125, the device ip addresses can be added as template URI using the placeholder DEVICE_IP_ADDRESSES. This placeholder will be replaced by a hex string representing the network byte order of the IPv4 address and/or IPv6 address associated with the current network, if the network is managed by policy. The IPv4 address is prefixed with the value 0010; the IPv6 address is prefixed with 0020. For dual-stack networks, both the IPv4 and IPv6 addresses will be used for the placeholder replacement. Multiple addresses are added consecutively, without a delimiter. For unaffiliated users, the replacement only happens if the network is managed by user policy. If the IP addresses placeholder cannot be replaced by the device IP address, it is replaced with an empty string. If the DnsOverHttpsMode is set to "secure" then either this policy or DnsOverHttpsTemplates must be set and not empty. If the DnsOverHttpsMode is set to "automatic" and this policy is set then the URI templates specified will be used; if this policy is unset then hardcoded mappings will be used to attempt to upgrade the users current DNS resolver to a DoH resolver operated by the same provider. If the URI template contains a dns variable, requests to the resolver will use GET; otherwise requests will use POST. In version 114 and later, DnsOverHttpsSalt is optional if this policy is set.