DNSSettings.DNSSettings

If true, the device allows failover to the default system DNS resolver.

The encrypted transport protocol used to communicate with the DNS server.

The UUID that points to an identity certificate payload. The system uses this identity to authenticate the user to the DNS resolver.

An unordered list of DNS server IP address strings. These IP addresses can be a mixture of IPv4 and IPv6 addresses.

The hostname of a DNS-over-TLS server used to validate the server certificate, as defined in RFC 7858. If no ServerAddresses are provided, the system uses the hostname to determine the server addresses. This key must be present only if the DNSProtocol is TLS.

The URI template of a DNS-over-HTTPS server, as defined in RFC 8484. This URL needs to use the https:// scheme, and the system uses the hostname or address in the URL to validate the server certificate. If no ServerAddresses are provided, the system uses the hostname or address in the URL to determine the server addresses. Required if DNSProtocol is HTTPS.

A list of domain strings used to determine which DNS queries use the DNS server. If not set, all domains use the DNS server.

The system supports a single wildcard (*) prefix, but it’s not required. For example, both *.example.com and example.com match against mydomain.example.com and your.domain.example.com, but don’t match against mydomain-example.com.