DNS over HTTPS (DoH) support

We plan to support DoH for now. You can expect that we would allow typing the URL for your DoH settings. Out of curiosity, why do people prefer DoT to DoH? :slight_smile:

2 Likes

Hello @Eddy_Yeung

For me DoT is easier to configure, as I just need to add a URL to the WAN's configuration (in my case the NextDNS DoT server URL).

However DoH has advantages:

Protocol Layers: While DoT is essentially DNS over TLS, DoH is actually DNS over HTTP over TLS.

Different ports: DoT traffic uses the dedicated port 853 and can therefore be detected at the network level (and is blocked in many networks or countries). DoH uses the default port 443 (HTTPS).
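The layering described in the post above, as an added example that is not part of the original thread: the same DNS wire message is framed once for DoT (RFC 7858) and once for DoH (RFC 8484). The host `resolver.example`, the path `/dns-query` and the query name are constructed placeholders, not Peplink or NextDNS settings.

```python
import base64
import struct

DOT_PORT, DOH_PORT = 853, 443  # ports named in the post above


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a one-question DNS query in wire format (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS=IN


def frame_dot(msg: bytes) -> bytes:
    """DoT: DNS over TLS. The TLS payload is the message with a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg


def frame_doh_post(msg: bytes, host: str, path: str = "/dns-query") -> bytes:
    """DoH: DNS over HTTP over TLS. The TLS payload is an HTTP request carrying the message."""
    # Shown as HTTP/1.1 text for readability; RFC 8484 recommends HTTP/2 or later.
    head = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/dns-message\r\n"
        "Accept: application/dns-message\r\n"
        f"Content-Length: {len(msg)}\r\n\r\n"
    )
    return head.encode("ascii") + msg


def doh_get_target(msg: bytes, path: str = "/dns-query") -> str:
    """DoH GET form: the message is base64url-encoded without padding."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{path}?dns={b64}"


if __name__ == "__main__":
    query = build_query("www.example.com")  # constructed sample query
    print(f"DoT, TCP/{DOT_PORT}:", frame_dot(query).hex())
    print(f"DoH, TCP/{DOH_PORT}:", doh_get_target(query))
    print(frame_doh_post(query, "resolver.example").decode("latin-1"))
```

In both cases these bytes travel inside TLS, so an on-path observer sees only the destination address and port, which is why port 853 stands out while DoH blends in with other HTTPS traffic on 443.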

I am thinking about standardizing on Peplink routers for my remote workers but I must have DNS over TLS or DNS over HTTPS. We would use Cloudflare for Teams and they provide a URL to enter into the router so that would be my preference.

Any estimates on when this feature will be implemented?

Thank you very much.

Please don’t ever support this. It makes spyware and telemetry invisible.

Make it optional.

Currently, we are targeting this for the next major release and the timeframe is not fixed yet. However, we may be able to create a special build for you guys to try. Stay tuned.

3 Likes

Any updates on timeline for this, or the possibility of a special build? DNS over HTTPS (or TLS) is becoming a higher priority requirement for some of my mobile deployments.

The coming 8.2.0 is our target and will have a public beta soon. Please stay tuned.

4 Likes

Hey folks, if you’re waiting for DOH support, 8.2.0 BETA1 is out and has the support. DOH is a global setting and found under Network > WAN

To download, head over to:
https://forum.peplink.com/t/firmware-8.2.0-beta-1/

4 Likes

Hi Keith;

Could you share a preview image of the settings related to DNS over HTTPS? Also, is it for the entire network (both the WANs in the case of the Balance Two series)? If not, can you please ensure it is for both?
I do not want to load the beta firmware because I am running mine in production, so any instability would not be accepted.

Also if there is any extra documentation that would be super helpful

Here you go. These settings apply globally to all WANs on a Peplink.

3 Likes

Thanks appreciate it. Can you also provide IPv6 address support?
I have asked this quite a few times and I would really appreciate it if Peplink can provide IPv6 support over DHCP on LAN so that we can access IPv6 sites.

IPv6 is in development with a multi-phase approach.

To better support your IPv6 needs, I suggest you put together a detailed description of your requirements and use case for IPv6, and create a support ticket at the Peplink Ticketing System.

Our support/engineering team can then follow up with you on that ticket. Thanks.

3 Likes

Hello Keith,

Good news! :grinning:
I tested it and it worked well in RC3 FW on our Balance One.
It looks like the same DoH configuration is used for all external WANs and all internal VLANs of the Balance One.
For NextDNS this seems to be a problem, as it detects the IP where a DNS request comes from to match a DNS profile. So it's leading to confusion if different WAN channels (1 cable, 2 LTE … all different WAN IPs) use the same resolver template. Any suggestions?

It looks like the Balance One is ignoring local DNS record entries with active DoH, too.

1 Like

Hi @ckirch. If you’re seeing what appears to be anomalous behavior of the FW, I’d suggest the most direct way to get your observation into the hands of those who can deal with it may be to submit a ticket. Those who respond to tickets have a direct path to the folks who develop and maintain the code.

1 Like

It is addressed in ticket 22030561.
I ran some more tests. With DoH enabled on a Balance One, my iPhones and iPads do not find the 2 AirPrint-enabled printers anymore.
Local address name resolution does not seem to work.

If one uses a pi-hole, points DHCP/DNS to use the pi-hole at: Network > Untagged LAN > DHCP Server > DNS Servers > DNS Server 1 (LOCAL PI-HOLE IP HERE)

How does enabling Network > WAN > DNS over HTTPS impact using the pi-hole?

Do all requests still go through the pi-hole and then they get DNS over HTTPS on top from the Peplink? Or does the DNS over HTTPS override the Pi-hole and that no longer will be used?

Thanks

1 Like