DNS over HTTPS support - For Routers
now
Eric Nix
NextDNS allows use of DNS over HTTPS per profile. DNSFilter should allow DoH to point to specific policies and to allow devices to have DoH profiles (not just users with a roaming profile). This would be helpful for routers that support DoH but not DoT, and it would also be helpful to force certain clients on a VLAN with a separate policy to adhere to a policy for that client. It would also allow client-level statistics within a policy.
Ryan Poppa
This is now available for DNSFilter (non-whitelabelled) customers. The DNS-over-HTTPS address is available under the advanced settings address of your site configuration. We will be adding a whitelabelled DoH address in a future update.
Eric Nix
Ryan Poppa does the DoH server resolve AAAA records/IPv6?
I was able to get this working with Ubiquiti UniFi's CyberSecure DoH by using the site ID as my server ID and using an online DNSStamp calculator. However, this does not enable DNSSEC by default. How can you use DoH with DNSSEC?
Ryan Poppa
Eric Nix At the moment, support for DNSSec is not included with our DoH deployment.
As per supporting documentation, DNSSec is enabled on the following DNS resolvers: https://help.dnsfilter.com/hc/en-us/community/posts/32829984835475-Does-DNSFilter-support-DNSSEC.
DNSFilter's DoH implementation does not yet support DNSSec. I'm happy to file an enhancement request on your behalf if desired.
Eric Nix
Ryan Poppa That would be awesome if DoH supported it... so yes, please file an enhancement request.
Ryan Poppa
Eric Nix: Filed here: https://dnsfilter.canny.io/feature-requests/p/dnssec-enforcement-over-dns-over-https
Ryan Poppa
now
Saqib Sabir
Upvoting - I would like to see DoH in the roaming client, so that it can function (resolve DNS) even in networks that block 53 / 853 to internet facing IPs.
Eric Nix
DNSFilter - is there any update to this?
Mathis Kuntze
DoH would be just great to have. It's built-in with MikroTik and other routers nowadays. DoH saves on outbound connections/ports which can quickly become an issue, specifically on IPv4. Additionally, certain providers just seem to outright throttle UDP 53 connections to networks other than their own.
Eric Nix
Mathis Kuntze Wouldn't mind seeing DoH3 support as well.
Ryan Poppa
later
Eric Nix
Ryan Poppa Any further update with this?
Eric Nix
I ended up canceling my subscription due to this lack of feature. Hopefully DNSFilter will join their competitors and begin offering this in 2025.
Eric Nix
Has there been any further consideration of this? Not all routers support DoT.
EDIT: Ubiquiti's UniFi Network v8.4.54 now supports DoH custom URLs (requires a dnscrypt stamp). Would be nice if DNSFilter started supporting DoH for those of us with Ciscos and PANs out of reach of our budget.
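Added example, not part of the thread and not DNSFilter's or Ubiquiti's code: the DoH stamp that the comments above describe generating with an online calculator can be built and inspected offline. It assumes the standard DNS stamp layout for protocol 0x02 (DoH); the hostname and path are placeholders for the DoH address shown in the site configuration. The DNSSEC bit in a stamp is only a declared property of the resolver, so setting it does not make the resolver validate.

```python
import base64
import struct

DOH = 0x02                            # stamp protocol byte for DNS-over-HTTPS
DNSSEC, NO_LOGS, NO_FILTER = 1, 2, 4  # props bits: declared claims, not enforcement

def _lp(data: bytes) -> bytes:
    """Length-prefixed field: one length byte followed by the data."""
    if len(data) > 255:
        raise ValueError("field too long for a stamp")
    return bytes([len(data)]) + data

def encode_doh_stamp(hostname: str, path: str, props: int = 0, addr: str = "") -> str:
    raw = bytes([DOH]) + struct.pack("<Q", props)   # props: 64-bit little-endian
    raw += _lp(addr.encode())                       # optional resolver IP, may be empty
    raw += b"\x00"                                  # empty certificate-hash set (no pinning)
    raw += _lp(hostname.encode()) + _lp(path.encode())
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_doh_stamp(stamp: str) -> dict:
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9 or raw[0] != DOH:
        raise ValueError("not a DoH stamp")
    props, pos = struct.unpack_from("<Q", raw, 1)[0], 9
    def take(vlp=False):
        # vlp: set-style field whose length byte uses the high bit as "more follows"
        nonlocal pos
        if pos >= len(raw):
            raise ValueError("truncated stamp")
        size = raw[pos] & 0x7F if vlp else raw[pos]
        more = vlp and bool(raw[pos] & 0x80)
        item = raw[pos + 1:pos + 1 + size]
        if len(item) != size:
            raise ValueError("truncated stamp")
        pos += 1 + size
        return item, more
    addr, _ = take()
    hashes, more = [], True
    while more:
        item, more = take(vlp=True)
        hashes += [item.hex()] if item else []
    host, _ = take()
    path, _ = take()
    return {"url": f"https://{host.decode()}{path.decode()}", "addr": addr.decode(),
            "pinned_hashes": hashes, "claims_dnssec": bool(props & DNSSEC)}

# Constructed placeholder endpoint, not DNSFilter's real DoH address.
EXAMPLE = encode_doh_stamp("doh.example.net", "/dns-query", DNSSEC)
```

Decoding a stamp before pasting it into a router shows exactly which URL it points at and whether any certificate hashes are pinned.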
Eric Nix
Bumping this for hopefully serious consideration as not all routers support DoT but do support DoH.
Eric Nix
I'm hoping this gets moved into consideration soon.