Future Consideration Omada DNS over TLS using hostname
Please implement the possibility to use a hostname as DNS over TLS upstream in Omada SDN.
Currently, it is possible to set an IP only (like plain DNS, 53). Hostname/URL DNS upstream is available only on DOH.
Using custom hostnames as DNS server is necessary to let the DNS server identify the origin of the queries (see NextDNS, RethinkDNS or ControlD smart-DNS services).
Hi @Bianco8
Thanks for posting in our business forum.
Just a reminder, it is IP only but encrypted. There is no difference in IP and hostname or FQDN.
Thank you for your improvement feedback on this.
Hello,
Many Smart DNS services using DOT require specifying the host/subdomain. This will allow the DNS resolver to apply a specific policy.
I'm using ControlD DNS and have a different subdomain[.]domain[.]com upstream, which all resolve to 1 AnyCast IP.
DNS-over-TLS/DoQ
user-id-or-device-profile [.] dns-domain [.] com
As Omada is lacking a complete DNS solution, it would be useful to add support for a DNS over TLS resolver via domain, allowing customers to add static entries on their smart DNS service as a workaround. That being said, this is already possible using DOH, but I don't see why it shouldn't be available on DOT, as the protocol per se is already present.
Hi @Bianco8
Thanks for posting in our business forum.
Bianco8 wrote
Hello,
Many Smart DNS services using DOT require specifying the host/subdomain. This will allow the DNS resolver to apply a specific policy.
I'm using ControlD DNS and have a different subdomain[.]domain[.]com upstream, which all resolve to 1 AnyCast IP.
DNS-over-TLS/DoQ
user-id-or-device-profile [.] dns-domain [.] com
As Omada is lacking a complete DNS solution, it would be useful to add support for a DNS over TLS resolver via domain, allowing customers to add static entries on their smart DNS service as a workaround. That being said, this is already possible using DOH, but I don't see why it shouldn't be available on DOT, as the protocol per se is already present.
OK. You may use the DoH before the DoT is officially supported.
Will send this request to the dev.
@Clive_A Hello, it's been a while since this feature was requested (and in multiple threads older than this one). Is there an update on using FQDN for DoT just like we can do now with DoH?
This is a desired feature since DoT, as others have said, is more secure than DoH.