Honestly, it’s wild that Proton still doesn’t support DoH/DoQ on macOS in 2025. Plaintext DNS kinda defeats the whole privacy-first vibe, especially for folks using NextDNS or similar. Let me set encrypted DNS system-wide for now, but come on—this should be built into the app yesterday. https://skycoach.gg/blog/fortnite/articles/fortnite-steal-the-brainrot-codes

The SENA <a href="https://sena-sofia-plus.com.co/">Sofia plus</a> is the official SENA platform to study free technical and technological programs and virtual courses, register, enroll and download official certificates valid in Colombia and in the business sector.

I would really like to be able to specify my own DoH DNS server instead of the default one. I use NextDNS and would like to be able to use my own DNS server instead of the default one.

I think Proton VPN stands out because of its strong focus on user privacy and open-source approach. However, improving server speed consistency and expanding server locations could make the experience even better, especially for global users.

With the increasing use of online lookup tools such as https://dnipornombrepe.org/
, having a fast and secure VPN connection is becoming more relevant than ever. Ensuring smooth performance across all regions would definitely enhance user trust and usability.

This is a well-reasoned feature request. Encrypted DNS (DoH/DoQ) should absolutely be standard in a privacy-focused VPN like Proton, especially on macOS where system-wide settings are limited. I fully support adding this, it closes a clear leakage vector outside the tunnel. On a different note, if you ever sideload privacy-focused or modified apps on iOS, you can check https://nullbrawlpro.com/nulls-brawl-ios/ for reference, but that's unrelated to DNS. For your Proton request, I'd suggest also posting this on their official GitHub or community forum where developers actively track feature suggestions. Thanks for raising this.

I wonder when this will be integrated to Proton VPN mobile apps :/

Fully agree—encrypted DNS is essential for true privacy. Your suggestion perfectly aligns with Proton’s ethos. Also, I found https://nullsbrawls.net.pl/odblokuj-wszystkich-brawlerow-w-nulls-brawl/ a surprisingly positive resource!

This is a great point about encrypted DNS on macOS—how soon do you think Proton VPN might support DoH or DoQ natively? I wonder if optional IPv6 could also be fully integrated without breaking compatibility. Curious if users can already test something similar on alternative platforms; you can also https://spinwinpkgame.org/88ef/ to explore related features.

Supporting DoH and DNS over QUIC for custom DNS would be a valuable feature for Proton VPN users. Encrypted DNS protocols greatly improve privacy and protect users from DNS-based tracking or manipulation, especially on public networks. Adding these modern standards would make Proton VPN even stronger for people who prioritize security and performance.

For example, when accessing online tools like https://snaptikbr.com/ to download or view social media content, having encrypted DNS ensures a safer and more private browsing experience.

Adding DoH and DNS over QUIC support for custom DNS in Proton VPN would be a great improvement for users who care about both privacy and performance. Encrypted DNS helps prevent tracking and ensures safer browsing, especially when using public networks. It would also make Proton VPN even more competitive with other privacy-focused services.

By the way, secure DNS is important for every type of website access. For example, I often check daily updates like STL results today on https://stlresultstoday.net/, and having encrypted DNS ensures the connection stays private and tamper-free.

\La beca Benito Juárez 2025 es un programa social dirigido a estudiantes de nivel básico, medio y superior. Las becas Benito Juárez buscan reducir la deserción escolar mediante apoyo económico directo y constante.https://becas-benito-juarez.com/

The Benito Juárez Scholarship Status 2026 allows you to check if the scholarship is active.
https://buscador-deestatus.com.mx/

Strong support for this feature!

Encrypted DNS (DoH / DoQ) would be especially valuable when using Quad9, which I am already using anyway. Native support in the macOS and iOS apps would greatly improve usability and ensure DNS privacy truly aligns with Proton’s privacy-by-default approach.

that is so informative and i would love to see that\

I already wrote a similar response on the iOS thread, and I'm adding roughly the same comment here for the mac thread.

Privacy and Security Problems with Plaintext DNS on macOS

DNS visibility beyond the VPN tunnel
Even though ProtonVPN encrypts traffic between the device and the VPN server, the DNS queries from the exit server to the resolver remain unencrypted. This allows the exit server’s ISP or any intermediate network to see the domains users visit.

Exposure to interception and tampering
Plaintext DNS can be intercepted or modified. Without encryption, a malicious or compromised network could redirect traffic or block specific domains.

Loss of end-to-end privacy
DNS queries reveal browsing activity. Without encryption between the exit node and the resolver, ProtonVPN users still leak metadata to third parties, which undermines the purpose of using a privacy-first VPN.

Inconsistency with Proton’s “Privacy by Default” principle
Proton promotes complete user privacy and minimal trust in intermediaries. However, unencrypted DNS between the exit server and resolver contradicts that mission, especially for users who rely on privacy-centric resolvers like NextDNS or self-hosted DoH services.

Specific Feature Requests for ProtonVPN macOS

Support DNS-over-HTTPS (DoH, RFC 8484)
Allow users to specify custom encrypted DNS resolvers via DoH endpoints, ensuring DNS queries remain private beyond the VPN tunnel.

Support DNS-over-QUIC (DoQ, RFC 9250)
Add support for DoQ to provide faster, connectionless, and fully encrypted DNS resolution.

Support IPv4 and IPv6
Enable both IPv4 and IPv6 addresses or hostnames for custom encrypted resolvers instead of IPv4-only input.

Maintain end-to-end encryption
Ensure DNS queries are encrypted from the user’s device through the VPN tunnel and continue encrypted all the way to the resolver.

Add transparency for DNS status and fallbacks
Inform users when ProtonVPN is using encrypted DNS and warn if a fallback to plaintext occurs, so users understand their privacy posture in real time.

Why This Matters for ProtonVPN macOS Users

Eliminates plaintext DNS exposure and prevents metadata leaks.

Protects against DNS interception, manipulation, and censorship.

Aligns ProtonVPN’s macOS client with Proton’s broader privacy-by-design philosophy.

Makes the “Custom DNS” feature genuinely privacy-enhancing for advanced users.

Supporting encrypted DNS (DoH and DoQ) would close one of the few remaining privacy gaps in ProtonVPN’s macOS app and strengthen Proton’s claim to full end-to-end protection for its users.

I’m glad ProtonVPN iOS now supports custom DNS (as mentioned in the original post), but the fact it currently only supports plaintext UDP DNS introduces several real risks. Below are what I see as the drawbacks, followed by clear feature-requests that I hope Proton will prioritize.

Negative Consequences of Not Supporting Encrypted DNS (DoH / DoQ)

Exit-node exposure
DNS queries from Proton’s VPN server to the resolver remain unencrypted. That means the VPN host’s ISP or any network between Proton’s server and the DNS resolver can see which domains users are querying.

Vulnerability to DNS manipulation or hijacking
Plaintext DNS is susceptible to MitM attacks: bad actors could intercept or modify DNS responses on that hop, redirecting users to malicious sites or injecting tracking.

Metadata leakage & profiling
Even when content is encrypted and tunneled, unencrypted DNS reveals browsing patterns. Observers could see which domains you visited (or at least requested), undermining user privacy.

Susceptibility to DNS-based attacks
Without integrity checks or encryption, DNS cache poisoning or spoofed responses become easier for adversaries on that plaintext path.

Trust gap
Users choosing Proton expect “privacy by default.” The absence of end-to-end encrypted DNS for custom resolvers creates a discrepancy between Proton’s privacy marketing and its technical exposure.

Clear & Specific Asks (in response to “Add DoH and DNS-over-QUIC Support for Custom DNS on iOS”)

Support DNS-over-HTTPS (DoH, RFC 8484)
Allow users to enter a DoH endpoint (URL or IP + path) as their custom DNS, with DNS-over-HTTPS traffic tunneled securely.

Support DNS-over-QUIC (DoQ, RFC 9250)
As a next-generation encrypted DNS protocol optimized for performance, DoQ support ensures minimal latency and full confidentiality.

Allow mixed IPv4 / IPv6
Accept both IPv4 and IPv6 custom DNS addresses (or DoH/DoQ endpoints), without forcing users to pick IPv4 only.

Tunneled + end-to-end encrypted DNS
Ensure that when DoH/DoQ is selected, DNS queries are sent through the VPN tunnel and remain encrypted all the way to the resolver.

Backward compatibility / fallback
If a custom encrypted resolver fails, Proton should fall back to its default DNS (or prompt the user), while warning that plaintext DNS is less secure.

Expose diagnostics / logs
In debug mode (or with opt-in), show whether DNS is currently encrypted, which resolver is being used, and whether any fallback to plaintext occurred.

By listing these pain points and concrete asks, I hope more Proton users will find this thread, vote it up, and help push this feature up the roadmap. If Proton implements this, it makes the “custom DNS” feature genuinely privacy-first.

Fortunately, local DNS entries for custom DNS are possible in the Linux client. Why isn’t this possible in the Android client? In addition to the ability to add local DNS, support for DoT and DoH DNS addresses would be welcome as a feature.

For the love of God, can this be implemented please?

It seems odd that Proton VPN would only be limited to ipv4-based DNS resolvers when a lot of other lesser VPNs support proper Custom DNS.

It's critical without a doubt. Not only does it limit us to primarily public DNS resolvers, it also limits us to only have unencrypted traffic, unless we use netshield. You can either implement DoT and DoH, or let us use system DNS (I refer to windows custom DNS, android custom dns config, iPhone .mobileconfig file, etc. ) I have to tear myself between using proton VPN and AdGuard DNS that supports DOH and DOT, but instead I have to use their public DNS, which is not bad, but I miss out on all logging for my DNS and precise ad blockers that I select myself, instead of AdGuard.) That is just an example of it being used with your vpn, but instead we have to rely on public ipv4 that doesn't provide the authentication that we need to truly stay anonymous online. Using your netshield shouldn't be the only option to secure our DNS traffic. Make it compatible with AdGuard-dns.io, as it covers all basis of possible connections to their server. But paying for reserving an ip shouldn't be the only option.

I whole heartedly agree!