DNS-over-TLS support for local domains (Roaming Client)
not pursuing
Pine
DNS-over-TLS for local domains allows for more secure DNS without the need for a VPN for roaming users.
Minetta Gould merged in a post:
Add Command Line Parameter to Roaming Client for DNS-over-TLS
Travis
Add the ability to specify a command line parameter during install of the roaming client that allows you to enable DNS-over-TLS without having to manually change registry settings. This would make using DNS-over-TLS with the roaming client easier for those using an MDM like Intune, so that a separate script doesn't need to be used.
Minetta Gould marked this post as not pursuing
Thanks for all the interest here — keep the votes and comments coming, they really help us track demand!
While DoT can already be configured with DNSFilter resolvers today, extending it to local resolvers brings some tricky challenges (like limited support on many routers/servers, lost encryption if queries get forwarded in cleartext, and IT-managed certificate overhead).
Because of those risks, we aren’t pursuing this path right now. That said, we are actively exploring other ways to secure DNS for roaming users — especially on public networks — so your feedback here is still shaping the direction we take.