noid-privacy/Modules/DNS/Private/Disable-DHCPDnsOverride.ps1


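function Disable-DHCPDnsOverride {
    <#
    .SYNOPSIS
        Disable dynamic DNS registration of an adapter's addresses
    .DESCRIPTION
        Sets RegisterThisConnectionsAddress to $false on the adapter's DNS client, so the
        adapter no longer registers its IP addresses in DNS, then reads the value back
        to confirm the change.

        This flag controls DNS address registration only. It does not decide which DNS
        servers the adapter queries; that comes from the adapter's DNS server
        configuration (see Set-DnsClientServerAddress). Do not treat a $true result as
        proof that DHCP-supplied DNS servers are ignored: check the effective server
        list with Get-DnsClientServerAddress.

        The function name is kept unchanged so existing callers keep working.
    .PARAMETER InterfaceIndex
        Network adapter interface index
    .PARAMETER DryRun
        Show what would be configured without applying changes
    .OUTPUTS
        System.Boolean. $true on a dry run or when the read-back confirms the setting;
        $false when the read-back fails or any step throws.
    .EXAMPLE
        Disable-DHCPDnsOverride -InterfaceIndex 12
    .NOTES
        Uses Set-DnsClient cmdlet (PowerShell Best Practice)
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [int]$InterfaceIndex,

        [Parameter()]
        [switch]$DryRun
    )

    try {
        # Resolve the adapter first so an invalid index fails before anything is changed.
        $adapter = Get-NetAdapter -InterfaceIndex $InterfaceIndex -ErrorAction Stop
        $adapterName = $adapter.Name

        Write-Log -Level DEBUG -Message "Disabling DNS address registration on adapter: $adapterName" -Module $script:ModuleName

        if ($DryRun) {
            Write-Log -Level INFO -Message "[DRYRUN] Would disable DNS address registration on $adapterName" -Module $script:ModuleName
            return $true
        }

        # RegisterThisConnectionsAddress = $false stops this connection's addresses from
        # being registered in DNS. It does not change which resolvers are used.
        Set-DnsClient -InterfaceIndex $InterfaceIndex -RegisterThisConnectionsAddress $false -ErrorAction Stop

        # Read the setting back before reporting success, so the log never shows
        # SUCCESS followed by a failed verification.
        $dnsClient = Get-DnsClient -InterfaceIndex $InterfaceIndex -ErrorAction SilentlyContinue

        if ($null -eq $dnsClient) {
            Write-Log -Level WARNING -Message "Verification failed: could not read DNS client settings for $adapterName" -Module $script:ModuleName
            return $false
        }

        if ($dnsClient.RegisterThisConnectionsAddress -eq $false) {
            Write-Log -Level SUCCESS -Message "DNS address registration disabled on $adapterName" -Module $script:ModuleName
            Write-Log -Level DEBUG -Message "Verification passed: RegisterThisConnectionsAddress is False" -Module $script:ModuleName
            return $true
        }

        Write-Log -Level WARNING -Message "Verification failed: DNS address registration still enabled on $adapterName" -Module $script:ModuleName
        return $false
    }
    catch {
        Write-ErrorLog -Message "Failed to disable DNS address registration on adapter $InterfaceIndex" -Module $script:ModuleName -ErrorRecord $_
        return $false
    }
}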