DNS over HTTPS (DoH) support for Custom DNS
The current Custom DNS feature only allows IPv4 and IPv6 servers. It does not allow DoH even though it is more secure and more private. Please add support for it as it would greatly improve the experience for me and probably many other people who want to use custom filtering tools like NextDNS.
-
rgnldo
commented
Fortunately, local DNS entries for custom DNS are possible in the Linux client. Why isn’t this possible in the Android client? In addition to the ability to add local DNS, support for DoT and DoH DNS addresses would be welcome as a feature.
-
C H
commented
For the love of God, can this be implemented please?
It seems odd that Proton VPN would only be limited to IPv4-based DNS resolvers when a lot of other lesser VPNs support proper Custom DNS.
-
Sergii Novosad commented
It's critical without a doubt. Not only does it limit us to primarily public DNS resolvers, it also limits us to only having unencrypted traffic, unless we use NetShield. You can either implement DoT and DoH, or let us use system DNS (I refer to Windows custom DNS, Android custom DNS config, iPhone .mobileconfig file, etc.). I have to tear myself between using Proton VPN and AdGuard DNS, which supports DoH and DoT, but instead I have to use their public DNS, which is not bad, but I miss out on all logging for my DNS and the precise ad blockers that I select myself, instead of AdGuard. That is just an example of it being used with your VPN, but instead we have to rely on public IPv4 that doesn't provide the authentication that we need to truly stay anonymous online. Using your NetShield shouldn't be the only option to secure our DNS traffic. Make it compatible with AdGuard-dns.io, as it covers all bases of possible connections to their server. But paying for reserving an IP shouldn't be the only option.
-
hermdog
commented
I whole heartedly agree!
-
Purple Dragon
commented
I agree. In the name of privacy, it just makes sense to extend custom DNS support to support encrypted DNS (DoH, DoT, DoQ, etc.) entries too rather than just IPv4 addresses that only support unencrypted DNS queries.
-
Purple Dragon
commented
I agree. In the name of privacy, it just makes sense to extend custom DNS support to support encrypted DNS (DoH, DoT, etc.) entries too rather than just IPv4 addresses that only support unencrypted DNS queries.
-
ProtonEnjoyer
commented
Currently, Proton VPN on macOS only allows custom DNS configuration via plaintext IPv4. This exposes DNS queries to interception and does not align with Proton’s privacy-first principles.
Please add support for encrypted DNS protocols—DNS-over-HTTPS (DoH, RFC 8484) and DNS-over-QUIC (DoQ, RFC 9250)—within the macOS app’s DNS settings.
Many providers, such as NextDNS, do not accept unencrypted IPv4 queries unless pre-authorized. This limits usability and reduces privacy.
Optional IPv6 support should also be respected where resolvers prefer or require it.
Adding encrypted DNS support would ensure stronger protection of user traffic beyond the VPN tunnel and reinforce Proton’s commitment to privacy by default.
-
CJ
commented
This would be a great feature for Proton.
-
6kntv
commented
I'm excited to see that ProtonVPN iOS now supports custom DNS functionality.
However, I noticed that it currently only supports plaintext UDP DNS queries.
As a privacy-conscious user who chose Proton specifically for its commitment to privacy, I would like to request support for encrypted DNS protocols, specifically DNS-over-HTTPS (DoH) and DNS-over-QUIC.
Privacy Concerns with Plaintext UDP DNS:
Even when using a VPN, plaintext UDP DNS poses several privacy risks:
1. DNS Query Visibility: While the VPN encrypts the connection between my device and the VPN server, DNS queries from the VPN server to the DNS resolver remain unencrypted and can be monitored by the VPN server's ISP, network intermediaries between the VPN server and DNS resolver, and the DNS resolver itself if not trustworthy.
2. DNS Hijacking and Manipulation: Plaintext DNS is vulnerable to man-in-the-middle attacks where malicious actors can intercept and modify DNS responses, potentially redirecting users to malicious websites.
3. Metadata Leakage: Even with VPN protection, plaintext DNS queries reveal browsing patterns and website visits to anyone monitoring the DNS traffic, undermining the privacy protection that VPN users expect.
4. ISP DNS Cache Poisoning: Unencrypted DNS queries are susceptible to cache poisoning attacks, where false DNS records can be injected into DNS caches.
Why This Matters for Proton:
As a company that positions itself as "Privacy by Default," supporting only plaintext DNS seems inconsistent with Proton's core values.
Your users choose ProtonVPN specifically because they trust you to provide the highest level of privacy protection.
Encrypted DNS protocols like DoH and DNS-over-QUIC would ensure end-to-end encryption of DNS queries, prevent DNS-based tracking and profiling, protect against DNS manipulation and censorship, and align with Proton's mission of making privacy accessible to everyone.
Feature Request:
Please consider adding support for DNS-over-HTTPS (DoH) - RFC 8484 and DNS-over-QUIC (DoQ) - RFC 9250.
This would allow users to configure custom encrypted DNS resolvers, ensuring that their DNS queries remain private even beyond the VPN tunnel.
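As an added example that is not part of the thread above or of Proton VPN's code, the following standard-library Python models the wire-level difference these requests are about: what an on-path observer reads from a plaintext UDP/53 query (the full hostname), how RFC 8484 carries the same DNS message in a DoH GET (base64url in the `dns` parameter, media type `application/dns-message`, ID 0 so identical queries are cacheable), and the checks a DoH client should make on the response before trusting it (media type, echoed ID, QR bit, RCODE, echoed question). The resolver URL `https://dns.example/dns-query` and the response body are constructed placeholders; nothing is sent over the network.

```python
"""Plaintext DNS vs DNS-over-HTTPS (RFC 8484) at the wire level.
Added example, not code from the thread or from Proton VPN. Offline only:
the resolver URL is an assumed placeholder and the response is built locally."""
import base64
import struct

DOH_URL = "https://dns.example/dns-query"  # assumed placeholder resolver

def encode_qname(name):
    """Encode a hostname as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=1, txid=0):
    """One-question query, RD=1. RFC 8484 4.1 recommends ID 0 for DoH."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)

def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, end_offset)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset

def observer_view(datagram):
    """What a passive observer reads from a plaintext UDP/53 query."""
    txid = struct.unpack("!H", datagram[:2])[0]
    qname, off = decode_name(datagram, 12)
    qtype = struct.unpack("!H", datagram[off:off + 2])[0]
    return {"id": txid, "qname": qname, "qtype": qtype}

def doh_get_url(query, url=DOH_URL):
    """RFC 8484 4.1 GET form: unpadded base64url in the `dns` parameter.
    Under TLS an observer sees only the resolver's address/SNI, not this."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return url + "?dns=" + b64

def doh_decode_param(url):
    """Server side of the GET form: recover the DNS message from ?dns=."""
    b64 = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

def constructed_doh_response(query, address=(192, 0, 2, 1)):
    """Constructed response for the demo (not from a real resolver):
    echoes the question and answers with one A record, TTL 300."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    # owner name as a pointer to offset 12 (the question), type A, class IN
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes(address)
    return header + query[12:] + answer

def validate_response(query, body, content_type):
    """Client checks: DoH media type, echoed ID, QR bit set, RCODE 0,
    and the question section echoed verbatim."""
    if content_type != "application/dns-message" or len(body) < len(query):
        return False
    if body[:2] != query[:2]:
        return False
    flags = struct.unpack("!H", body[2:4])[0]
    if not flags & 0x8000 or flags & 0x000F:
        return False
    return body[12:len(query)] == query[12:]

def parse_answers(body):
    """Return [(name, rtype, ttl, rdata)]; A records rendered dotted."""
    qd, an = struct.unpack("!HH", body[4:8])
    off = 12
    for _ in range(qd):
        _, off = decode_name(body, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(body, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", body[off:off + 10])
        off += 10
        rdata = body[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return answers

if __name__ == "__main__":
    print("plaintext UDP/53 leaks:", observer_view(build_query("example.com", txid=0x1234)))
    q = build_query("example.com")
    print("DoH GET:", doh_get_url(q))
    body = constructed_doh_response(q)
    print("valid:", validate_response(q, body, "application/dns-message"))
    print("answers:", parse_answers(body))
```

The observer_view function is the whole privacy argument in one call: with plaintext UDP the hostname is readable by anyone between the client (or the VPN exit) and the resolver, whereas the DoH GET puts the identical bytes inside the TLS session to the resolver. The validate_response checks are the ones that make DoH useful against manipulation as well as observation: a body with the wrong media type, a mismatched ID or an unset QR bit is discarded rather than parsed.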