https://community.cisco.com/t5/opendns/dns-over-https-doh-and-custom-filtering-on-opendns/m-p/5309215#M18404 <P>You're absolutely right — OpenDNS (now Cisco Umbrella) supports DNS over HTTPS (DoH), but custom filtering (like content categories or domain blacklists) is only applied when requests come from your registered IP, not just any client using the public OpenDNS resolvers.</P><P>So, if you want to use DoH and benefit from your OpenDNS custom filtering, here's what you need to know:</P><P>Summary: Can OpenDNS Be Used with DoH and Custom Filtering?<BR />Feature Supported<BR />DNS-over-HTTPS (DoH)&nbsp; &nbsp;Yes (via <A href="https://doh.opendns.com/dns-query" target="_blank">https://doh.opendns.com/dns-query</A>)<BR />Custom filtering with DoH&nbsp; &nbsp;Yes, but only if source IP is registered with your OpenDNS dashboard</P><P>You must register the public IP of the client or DoH resolver in your OpenDNS dashboard.</P><P>How to Use DoH with OpenDNS and Apply Custom Filtering<BR />1. Register Your IP in OpenDNS<BR />Go to dashboard.opendns.com/settings</P><P>Add your external/public IP address</P><P>Assign your custom filtering and security settings</P><P>This IP must match the source IP seen by OpenDNS when resolving DNS queries — i.e., the IP of your firewall/router, or the IP of the device doing DoH (if not behind NAT)</P><P>2. Use OpenDNS DoH Endpoint<BR />Use the following DoH resolver:</P><P>arduino<BR />Copy<BR />Edit<BR /><A href="https://doh.opendns.com/dns-query" target="_blank">https://doh.opendns.com/dns-query</A><BR />Supported by clients like Firefox, NextDNS CLI, or dnscrypt-proxy</P><P>Uses your public IP for filtering decisions</P><P>3. Configure DoH on the Client<BR />Example: Firefox<BR />Go to about:preferences#privacy</P><P>Enable DNS over HTTPS</P><P>Choose Custom Provider:</P><P>arduino<BR />Copy<BR />Edit<BR /><A href="https://doh.opendns.com/dns-query" target="_blank">https://doh.opendns.com/dns-query</A><BR /><span class="lia-unicode-emoji" title=":magnifying_glass_tilted_left:">🔍</span> Your public IP (not just doh.opendns.com) must be recognized in your OpenDNS account for filtering to apply.</P><P>4. Optional: Use myip.opendns.com to Verify<BR />To verify what IP OpenDNS sees (via DNS):</P><P>bash<BR />Copy<BR />Edit<BR />dig @208.67.222.222 myip.opendns.com +short<BR />5. Troubleshooting<BR />Issue Fix<BR />Filtering not applied Confirm your public IP is registered in OpenDNS<BR />Using VPN or NAT Your DoH source IP may differ — register the exit IP<BR />Using 3rd-party DoH resolver Will bypass OpenDNS filtering</P><P>Important Limitation<BR />OpenDNS does not support user-level or key-authenticated DoH — it relies only on source IP. So:</P><P>You can’t apply filtering rules per-device using just DoH.</P><P>Use Umbrella Roaming Client or Cisco Secure Client for per-device enforcement (that uses DoH with identity).</P><P>Best Practice<BR />If you want to... Then...<BR />Apply filtering via DoH to a known IP (e.g., your home firewall)&nbsp; &nbsp;Use <A href="https://doh.opendns.com/dns-query" target="_blank">https://doh.opendns.com/dns-query</A> and register your home IP in OpenDNS<BR />Apply per-device filtering using DoH (e.g., on laptops)&nbsp; &nbsp;Use Cisco Umbrella Roaming Client or Secure Client<BR />Use dynamic IP (home users)&nbsp; &nbsp;Use OpenDNS Updater tool to keep your IP updated in the dashboard</P> Mon, 14 Jul 2025 16:11:59 GMT wajidhassan 2025-07-14T16:11:59Z https://community.cisco.com/t5/opendns/dns-over-https-doh-and-custom-filtering-on-opendns/m-p/5301416#M18370 <P>Hi.&nbsp; I have set up some customer filtering using openDNS.&nbsp; Can i access that via DOH, from what I read seems people only reference the public opendns server.</P><P>What settings should i use if I want to use DOH and opendns custom filtering</P><P>&nbsp;</P><P>thanks&nbsp; D</P> Sun, 22 Jun 2025 13:05:53 GMT https://community.cisco.com/t5/opendns/dns-over-https-doh-and-custom-filtering-on-opendns/m-p/5301416#M18370 Damien01001 2025-06-22T13:05:53Z https://community.cisco.com/t5/opendns/dns-over-https-doh-and-custom-filtering-on-opendns/m-p/5309215#M18404 <P>You're absolutely right — OpenDNS (now Cisco Umbrella) supports DNS over HTTPS (DoH), but custom filtering (like content categories or domain blacklists) is only applied when requests come from your registered IP, not just any client using the public OpenDNS resolvers.</P><P>So, if you want to use DoH and benefit from your OpenDNS custom filtering, here's what you need to know:</P><P>Summary: Can OpenDNS Be Used with DoH and Custom Filtering?<BR />Feature Supported<BR />DNS-over-HTTPS (DoH)&nbsp; &nbsp;Yes (via <A href="https://doh.opendns.com/dns-query" target="_blank">https://doh.opendns.com/dns-query</A>)<BR />Custom filtering with DoH&nbsp; &nbsp;Yes, but only if source IP is registered with your OpenDNS dashboard</P><P>You must register the public IP of the client or DoH resolver in your OpenDNS dashboard.</P><P>How to Use DoH with OpenDNS and Apply Custom Filtering<BR />1. Register Your IP in OpenDNS<BR />Go to dashboard.opendns.com/settings</P><P>Add your external/public IP address</P><P>Assign your custom filtering and security settings</P><P>This IP must match the source IP seen by OpenDNS when resolving DNS queries — i.e., the IP of your firewall/router, or the IP of the device doing DoH (if not behind NAT)</P><P>2. Use OpenDNS DoH Endpoint<BR />Use the following DoH resolver:</P><P>arduino<BR />Copy<BR />Edit<BR /><A href="https://doh.opendns.com/dns-query" target="_blank">https://doh.opendns.com/dns-query</A><BR />Supported by clients like Firefox, NextDNS CLI, or dnscrypt-proxy</P><P>Uses your public IP for filtering decisions</P><P>3. Configure DoH on the Client<BR />Example: Firefox<BR />Go to about:preferences#privacy</P><P>Enable DNS over HTTPS</P><P>Choose Custom Provider:</P><P>arduino<BR />Copy<BR />Edit<BR /><A href="https://doh.opendns.com/dns-query" target="_blank">https://doh.opendns.com/dns-query</A><BR /><span class="lia-unicode-emoji" title=":magnifying_glass_tilted_left:">🔍</span> Your public IP (not just doh.opendns.com) must be recognized in your OpenDNS account for filtering to apply.</P><P>4. Optional: Use myip.opendns.com to Verify<BR />To verify what IP OpenDNS sees (via DNS):</P><P>bash<BR />Copy<BR />Edit<BR />dig @208.67.222.222 myip.opendns.com +short<BR />5. Troubleshooting<BR />Issue Fix<BR />Filtering not applied Confirm your public IP is registered in OpenDNS<BR />Using VPN or NAT Your DoH source IP may differ — register the exit IP<BR />Using 3rd-party DoH resolver Will bypass OpenDNS filtering</P><P>Important Limitation<BR />OpenDNS does not support user-level or key-authenticated DoH — it relies only on source IP. So:</P><P>You can’t apply filtering rules per-device using just DoH.</P><P>Use Umbrella Roaming Client or Cisco Secure Client for per-device enforcement (that uses DoH with identity).</P><P>Best Practice<BR />If you want to... Then...<BR />Apply filtering via DoH to a known IP (e.g., your home firewall)&nbsp; &nbsp;Use <A href="https://doh.opendns.com/dns-query" target="_blank">https://doh.opendns.com/dns-query</A> and register your home IP in OpenDNS<BR />Apply per-device filtering using DoH (e.g., on laptops)&nbsp; &nbsp;Use Cisco Umbrella Roaming Client or Secure Client<BR />Use dynamic IP (home users)&nbsp; &nbsp;Use OpenDNS Updater tool to keep your IP updated in the dashboard</P> Mon, 14 Jul 2025 16:11:59 GMT https://community.cisco.com/t5/opendns/dns-over-https-doh-and-custom-filtering-on-opendns/m-p/5309215#M18404 wajidhassan 2025-07-14T16:11:59Z