
DNS over HTTPS (DOH) and custom filtering on OpenDNS

Damien01001
Level 1

Hi. I have set up some custom filtering using OpenDNS. Can I access that via DOH? From what I read, it seems people only reference the public OpenDNS server.

What settings should I use if I want to use DOH and OpenDNS custom filtering?

Thanks, D

1 Reply 1

wajidhassan
Level 4

You're absolutely right — OpenDNS (now Cisco Umbrella) supports DNS over HTTPS (DoH), but custom filtering (like content categories or domain blacklists) is only applied when requests come from your registered IP, not just any client using the public OpenDNS resolvers.

So, if you want to use DoH and benefit from your OpenDNS custom filtering, here's what you need to know:

Summary: Can OpenDNS Be Used with DoH and Custom Filtering?
| Feature | Supported |
| --- | --- |
| DNS-over-HTTPS (DoH) | Yes (via https://doh.opendns.com/dns-query) |
| Custom filtering with DoH | Yes, but only if source IP is registered with your OpenDNS dashboard |

You must register the public IP of the client or DoH resolver in your OpenDNS dashboard.

How to Use DoH with OpenDNS and Apply Custom Filtering
1. Register Your IP in OpenDNS
Go to dashboard.opendns.com/settings

Add your external/public IP address

Assign your custom filtering and security settings

This IP must match the source IP seen by OpenDNS when resolving DNS queries — i.e., the IP of your firewall/router, or the IP of the device doing DoH (if not behind NAT)

2. Use OpenDNS DoH Endpoint
Use the following DoH resolver:

https://doh.opendns.com/dns-query
Supported by clients like Firefox, NextDNS CLI, or dnscrypt-proxy

Uses your public IP for filtering decisions

3. Configure DoH on the Client
Example: Firefox
Go to about:preferences#privacy

Enable DNS over HTTPS

Choose Custom Provider:

https://doh.opendns.com/dns-query
Your public IP (not just doh.opendns.com) must be recognized in your OpenDNS account for filtering to apply.

4. Optional: Use myip.opendns.com to Verify
To verify what IP OpenDNS sees (via DNS):

dig @208.67.222.222 myip.opendns.com +short
5. Troubleshooting
| Issue | Fix |
| --- | --- |
| Filtering not applied | Confirm your public IP is registered in OpenDNS |
| Using VPN or NAT | Your DoH source IP may differ — register the exit IP |
| Using 3rd-party DoH resolver | Will bypass OpenDNS filtering |

Important Limitation
OpenDNS does not support user-level or key-authenticated DoH — it relies only on source IP. So:

You can’t apply filtering rules per-device using just DoH.

Use Umbrella Roaming Client or Cisco Secure Client for per-device enforcement (that uses DoH with identity).

Best Practice
| If you want to... | Then... |
| --- | --- |
| Apply filtering via DoH to a known IP (e.g., your home firewall) | Use https://doh.opendns.com/dns-query and register your home IP in OpenDNS |
| Apply per-device filtering using DoH (e.g., on laptops) | Use Cisco Umbrella Roaming Client or Secure Client |
| Use dynamic IP (home users) | Use OpenDNS Updater tool to keep your IP updated in the dashboard |
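
The check in step 4 of the reply goes over plain DNS. As an added Python example (not part of the original reply and not Cisco code), the following sends the same myip.opendns.com lookup through the DoH endpoint in RFC 8484 GET form and compares the answer with the registered IP, so the comparison covers the path the filtering decision is actually made on. It assumes myip.opendns.com is answered over DoH the same way as on 208.67.222.222; 203.0.113.10 is a placeholder registered IP, and the sample response is constructed.

```python
import base64
import struct
import urllib.request

DOH_ENDPOINT = "https://doh.opendns.com/dns-query"  # endpoint given in the reply above

def build_query(name):
    """DNS wire-format A query for name; ID 0, as RFC 8484 suggests for DoH."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def doh_url(query):  # RFC 8484 GET form: base64url-encoded query, padding removed
    return DOH_ENDPOINT + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def skip_name(msg, off):  # offset just past a name; a compression pointer ends it
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """IPv4 addresses from the answer section; raises on a non-zero RCODE."""
    _, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if flags & 0x000F:
        raise ValueError("resolver returned RCODE %d" % (flags & 0x000F))
    off, ips = 12, []
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(map(str, msg[off + 10:off + 14])))
        off += 10 + rdlen
    return ips

def fetch_over_doh(name="myip.opendns.com"):  # needs network; not run by default
    req = urllib.request.Request(doh_url(build_query(name)), headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()

def filtering_applies(response, registered):  # is the reported source IP the registered one?
    return registered in parse_a_records(response)

# Constructed sample response (not captured traffic): one A record, 203.0.113.10.
SAMPLE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0) + build_query("myip.opendns.com")[12:]
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4) + bytes([203, 0, 113, 10]))

if __name__ == "__main__":  # swap SAMPLE for fetch_over_doh() to test your own connection
    print(filtering_applies(SAMPLE, "203.0.113.10"))  # placeholder registered IP
```

Run it from the same device and network path the DoH client uses: behind a VPN or proxy the address reported here can differ from what the plain-DNS dig check shows.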