DNS over HTTPS (DoH) support for Custom DNS
The current Custom DNS feature only allows IPv4 and IPv6 servers. It does not allow DoH even though it is more secure and more private. Please add support for it as it would greatly improve the experience for me and probably many other people who want to use custom filtering tools like NextDNS.
-
Purple Dragon
commented
I agree. In the name of privacy, it just makes sense to extend custom DNS support to support encrypted DNS (DoH, DoT, DoQ, etc.) entries too rather than just IPv4 addresses that only support unencrypted DNS queries.
-
Purple Dragon
commented
I agree. In the name of privacy, it just makes sense to extend custom DNS support to support encrypted DNS (DoH, DoT, etc.) entries too rather than just IPv4 addresses that only support unencrypted DNS queries.
-
ProtonEnjoyer
commented
Currently, Proton VPN on macOS only allows custom DNS configuration via plaintext IPv4. This exposes DNS queries to interception and does not align with Proton’s privacy-first principles.
Please add support for encrypted DNS protocols—DNS-over-HTTPS (DoH, RFC 8484) and DNS-over-QUIC (DoQ, RFC 9250)—within the macOS app’s DNS settings.
Many providers, such as NextDNS, do not accept unencrypted IPv4 queries unless pre-authorized. This limits usability and reduces privacy.
Optional IPv6 support should also be respected where resolvers prefer or require it.
Adding encrypted DNS support would ensure stronger protection of user traffic beyond the VPN tunnel and reinforce Proton’s commitment to privacy by default.
-
CJ
commented
This would be a great feature for Proton.
-
6kntv
commented
I'm excited to see that ProtonVPN iOS now supports custom DNS functionality.
However, I noticed that it currently only supports plaintext UDP DNS queries.
As a privacy-conscious user who chose Proton specifically for its commitment to privacy, I would like to request support for encrypted DNS protocols, specifically DNS-over-HTTPS (DoH) and DNS-over-QUIC.
Privacy Concerns with Plaintext UDP DNS:
Even when using a VPN, plaintext UDP DNS poses several privacy risks:
1. DNS Query Visibility: While the VPN encrypts the connection between my device and the VPN server, DNS queries from the VPN server to the DNS resolver remain unencrypted and can be monitored by the VPN server's ISP, network intermediaries between the VPN server and DNS resolver, and the DNS resolver itself if not trustworthy.
2. DNS Hijacking and Manipulation: Plaintext DNS is vulnerable to man-in-the-middle attacks where malicious actors can intercept and modify DNS responses, potentially redirecting users to malicious websites.
3. Metadata Leakage: Even with VPN protection, plaintext DNS queries reveal browsing patterns and website visits to anyone monitoring the DNS traffic, undermining the privacy protection that VPN users expect.
4. ISP DNS Cache Poisoning: Unencrypted DNS queries are susceptible to cache poisoning attacks, where false DNS records can be injected into DNS caches.
Why This Matters for Proton:
As a company that positions itself as "Privacy by Default," supporting only plaintext DNS seems inconsistent with Proton's core values.
Your users choose ProtonVPN specifically because they trust you to provide the highest level of privacy protection.
Encrypted DNS protocols like DoH and DNS-over-QUIC would ensure end-to-end encryption of DNS queries, prevent DNS-based tracking and profiling, protect against DNS manipulation and censorship, and align with Proton's mission of making privacy accessible to everyone.
Feature Request:
Please consider adding support for DNS-over-HTTPS (DoH) - RFC 8484 and DNS-over-QUIC (DoQ) - RFC 9250. This would allow users to configure custom encrypted DNS resolvers, ensuring that their DNS queries remain private even beyond the VPN tunnel.
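For readers who want to see what the RFC 8484 request discussed in this thread actually looks like on the wire, here is an added example (not Proton VPN's code, nor any provider's) that builds the `application/dns-message` query, derives the padding-free base64url GET URL, and parses a constructed response. The resolver URL and the `192.0.2.1` answer are assumed placeholders, not real endpoints or records.

```python
import base64
import struct

# Added example, not Proton VPN's code. The endpoint is an assumed placeholder.
DOH_URL = "https://doh.example/dns-query"

def build_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query (RFC 1035). RFC 8484 suggests ID 0 so HTTP caching works."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def doh_get_url(name: str) -> str:
    """GET form: base64url without '=' padding in the 'dns' query parameter (RFC 8484)."""
    dns = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return f"{DOH_URL}?dns={dns}"

def parse_a_answers(msg: bytes):
    """Return (IPv4 answers, RCODE) from a wire-format response; handles name compression."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])

    def skip_name(o: int) -> int:
        while True:
            length = msg[o]
            if length & 0xC0 == 0xC0:   # compression pointer occupies 2 bytes
                return o + 2
            if length == 0:
                return o + 1
            o += 1 + length

    off = 12
    for _ in range(qd):
        off = skip_name(off) + 4       # skip QNAME, QTYPE, QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs, flags & 0xF          # low 4 bits of flags = RCODE

# Constructed sample response: example.com A 192.0.2.1 (TEST-NET-1, not a real record),
# answer name given as a compression pointer (0xC00C) back to the question name.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
                   + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

Sending the bytes from `build_query` as the body of an HTTPS POST with `Content-Type: application/dns-message` is the other transport RFC 8484 defines; only the TLS session, not the DNS payload, differs from plaintext UDP.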