Support DNS over HTTPS


  • Now that we a great new privacy minded and free public DNS with Cloudflare's new 1.1.1.1 DNS, I would love to see Amplifi support DNS over HTTPS (DOH). DNS over HTTPS would encrypt all our DNS request and our ISPs would no longer be able to see and log which sites we visit via DNS requests. Firefox is supporting DOH in their beta, but it would be awesome if this was support on a router level. We would not have to wait for OS and browser vendors.

    Supporting DOH would make life so much harder for shitty ISPs who try to sell DNS data to advertisers/databrokers, countries who abuse the DNS-system and block sites/content they don't like and privacy minded consumers would probably love it.

    https://developers.cloudflare.com/1.1.1.1/dns-over-https/


  • ☝

    To go along with this, please add support for manually setting an IPv6 DNS server (which Cloudflare also provides in addition to 1.1.1.1).

    Right now, the Amplifi admin app only allows you to specify IPv4 addresses, but if you're running dual stack and using DHCP/DHCPv6 to get an IP, it's not clear whether it will still pick up and use the IPv6 DNS server for IPv6 requests. (edit: This forum post from Nov 2017 seems to suggest that the DHCPv6-provided DNS server will be inherited for IPv6 requests, which I'll wager is not the behavior expected by users when they are manually overriding the DNS server).


  • +1 for DNS over HTTPS and, in general, fully embracing 1.1.1.1 DNS features.


  • Another +1 for DNS-over-TLS. This is becoming an ever more important feature and marketing point for home products. Making this easy to implement will be a big win.


  • Everything the others said.

    Full support for DNS over HTTPS! Embrace 1.1.1.1 🙂


  • This. Now. Please?


  • I know that this is old, but maybe adding a reply might bring it back to the top, or get the devs attention.

    +1 for this.


  • One more requesting this feature


  • Yes +1 !


  • I will admit to also wanting this feature. However...
    I currently run pi-hole on a Raspberry Pi with Unbound as a recursive DNS server.
    Running a recursive DNS server is even more secure and private than DoH or DoT. More importantly, the adblocking features of the pi-hole has DRAMATICALLY reduced my internet throughput (about 50%). So for those of you that have capped internet usage (likely most), the pi-hole gives an advantage that Amplifi cannot match. For this reason, even if DoH/DoT is implemented I would not go away from my current configuration.


  • DoH is future of the Web. Must have, IMHO.
    My vote for it.


  • +1 DoH or DoT is very important.


  • Still nothing?

    Any other company supporting DOH?
    Maybe it's time to change router.


  • @Michael-K I’ve been asking for the ipv6 configurable options for a long time. Years I believe. They’ve never given me an outright “no”, but apparently it’s harder than it seems. Or it’s very close to the bottom of the priorities. I would love to see DOH as well though!


  • I know this is old, but posting here as well that I support and require this.

    I am looking at migrating from DD-WRT to Ubiquiti / Amplifi, but this is a base-line requirement for me as I don't want to essentially be losing network security by making the switch to the Amplifi router.


  • I am waiting for this for ages now and it is unthinkable that Ubiquiti didn't include DoH/DoT already.
    I didn't suggest this device to a few friends just because of lack/missing of DoH or DoT.

    Shame


  • +1 for feature request


  • Any new news? DoH and DoT are really important features.


  • @Michael-K synology has a few routers that support DoH


  • I just wrote to Ubiquiti support and I was told to add a reply here for this feature request.

    don't forget that devices on the network may have DNS hardcoded in many ways and they can bypass any DNS address given by the DHCP server, so, I found that the best implementation of DOH is complementing it with DNAT, so any request to port 53 will be redirected to the main router to process those internal network requests, then the router uses DOH to encrypt those queries.

    That is exactly I'm able to do with Ubiquiti EdgeRouter 4 with DNAT and I have installed NextDNS on it so I manage my DNS with them. all requests to port 53 will be processed by the EdgeRouter then sent to NextDNS using DOH. In my case, I want not only privacy, I want security and control as well, blocking features, etc.

    I got the AmpliFi router to try it and replace UniFi APs and I love the simplicity and the design of the AmpliFi routers. I simply connect the Amplifi's wan port to one of the EdgeRouter 4 ports and put Amplifi in bridge mode for now, until DOH is properly implemented in the AmpliFi, then this will be the perfect router, no question! I can recommend this product to a non Geek User, but...

    The message here is that the AmpliFi not only needs DOH implementation, it needs an option to redirect all DNS queries made in port 53 to the AmpliFi itself and then be able to send DNS queries using DOH to a specified URL. I mean, it must have an option to redirect or not port 53 providing an easy way to do it from the mobile app... some sort of DNAT just for port 53 as an easy to activate within the app...

    NextDNS Web Interface <-> ISP <-> Edge Router 4 with NextDNS and DNAT <-> AmpliFi in Bridge Mode <-> Home Network unencrypted DNS

    I'm basically using the AmpliFi as an Access point for now, hope developers take this into account to make this product complete in my opinion.


Log in to reply