Is DNS-over-HTTPS or -TLS possible with system configuration settings when a NEFilterDataProvider is running/activated?

I'm trying to figure out how to enable DNS-over-HTTPS or -TLS on macOS 12 or later when a NEFilterDataProvider is activated.

From what I'm observing, this cannot be done using a configuration profile as the DNS Settings will then appear as not running or disabled in the Network/Filters pref pane (using an MDM or not).

Correct me if I'm wrong but, from what I'm understanding in the last answer of this thread, Private Relay (Oblivious DoH?) would not work either.

[Q] Is it possible to configure DNS-over-HTTPS or -TLS at the system level when a NEFilterDataProvider is activated? If it is, how is it supposed to be done?

Is it possible to configure DNS-over-HTTPS or -TLS at the system level when a NEFilterDataProvider is activated? If it is, how is it supposed to be done?

On macOS NEDNSSettings and a NEFilterDataProvider are exclusive (r. 64940244). So that means an existing NEFilterDataProvider will always take precedence over the DNS Settings on macOS.

Thanks.

Does this mean that, in such a case, the only solutions to get DNS-over-HTTPS/-TLS are to either use your own DNS client code in your application (what Google Chrome does for instance) or to configure a DNS proxy solution (e.g. https://blog.smittytone.net/2022/05/07/how-to-do-dns-over-https-on-macos)?

If I understand you correctly, yes, you'll have to either implement your own DoH or DoT provider with NEDNSSettings or you will need to implement your own DNS Proxy Provider.

Actually, it was more a question regarding which options are available to an end-user to get DNS-over-HTTPS or TLS when a Network Extension (with a Data Filter Provider) is running on macOS.
