Possible to set Private DNS on a per network basis?

bbanzai

It would be helpful to be able to have Private DNS enabled for specific networks or specific connection types (e.g. always use Private DNS for cellular and specific wifi networks when not on home network). Is this possible in the current implementation?

yellow-leaves

bbanzai
DOT or private DNS is phone wide and can't be customized the way you wish.
You could have a specific user profile which you only activate at work (kept at rest at all other times), and use a VPN on other profiles to achieve in order to achieve better privacy against eavesdropping and MITM attacks (unencrypted traffic).
The VPN connection will also protect your DNS.

P.S. Don't forget to enable the HTTPS only mode in your web browser as well!

DeletedUser115

No... Don't think so... Why?

bbanzai

On my home network, I have an adguardhome instance serving as my DNS server / filter. It would be great if the phone could recognize that I'm using that specific network and disable Private DNS, and automatically use it when I change networks, such as cellular or on public wifi.

Wurzelmann

Resurrecting this thread, because this would be really great as an option...

trilogy6202

Wurzelmann If your use case is similar to bbanzai and you run AGH or PiHole at home one solution would be to install a wireguard VPN on your home network and route all of your traffic through your home network while you are out and about.

Then you can configure AGH (esaiest) or Pihole to use dns-over-tcp upstream.

Wurzelmann

It is a bit more complex, I'm fraid, because the private DNS interferes with our enterprise DNS at work unfortunately. That's why being able to disable private DNS for specific networks would be useful.

trilogy6202

Wurzelmann Yeah in that case my proposed solution won't help you.