diff --git a/Sources/WireGuardKit/InterfaceConfiguration.swift b/Sources/WireGuardKit/InterfaceConfiguration.swift
index d99d969..ad63b18 100644
--- a/Sources/WireGuardKit/InterfaceConfiguration.swift
+++ b/Sources/WireGuardKit/InterfaceConfiguration.swift
@@ -11,6 +11,8 @@ public struct InterfaceConfiguration {
 public var mtu: UInt16?
 public var dns = [DNSServer]()
 public var dnsSearch = [String]()
+ public var dnsHTTPSURL: URL?
+ public var dnsTLSServerName: String?
 public init(privateKey: PrivateKey) {
 self.privateKey = privateKey
@@ -27,6 +29,8 @@ extension InterfaceConfiguration: Equatable {
 lhs.listenPort == rhs.listenPort &&
 lhs.mtu == rhs.mtu &&
 lhs.dns == rhs.dns &&
- lhs.dnsSearch == rhs.dnsSearch
+ lhs.dnsSearch == rhs.dnsSearch &&
+ lhs.dnsHTTPSURL == rhs.dnsHTTPSURL &&
+ lhs.dnsTLSServerName == rhs.dnsTLSServerName
 }
 }
diff --git a/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift b/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift
index 3658956..f4095bd 100644
--- a/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift
+++ b/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift
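Review bot: In the first InterfaceConfiguration.swift hunk, `dnsHTTPSURL` and `dnsTLSServerName` are added as two independent optionals with no doc comment, so nothing tells a caller what happens when both are set or how they relate to `dns`. In the PacketTunnelSettingsGenerator.swift hunk of this commit the URL wins and the TLS name is ignored, while `dns` is still passed as the server list. I would state that on the properties, for example `/// DNS-over-HTTPS resolver URL (https scheme expected); takes precedence over dnsTLSServerName when both are set, and dns still supplies the server addresses.`, with a matching line on `dnsTLSServerName`. Because the type is a plain `URL`, any scheme is accepted here and no `scheme == "https"` check is visible in this diff, so that validation presumably has to live wherever the configuration is parsed. The struct body continues outside the hunk.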
@@ -85,11 +85,25 @@ class PacketTunnelSettingsGenerator {
 if !tunnelConfiguration.interface.dnsSearch.isEmpty || !tunnelConfiguration.interface.dns.isEmpty {
 let dnsServerStrings = tunnelConfiguration.interface.dns.map { $0.stringRepresentation }
- let dnsSettings = NEDNSSettings(servers: dnsServerStrings)
+
+ let dnsSettings: NEDNSSettings
+ if let dnsHTTPSURL = tunnelConfiguration.interface.dnsHTTPSURL {
+ let dohSettings = NEDNSOverHTTPSSettings(servers: dnsServerStrings)
+ dohSettings.serverURL = dnsHTTPSURL
+ dnsSettings = dohSettings
+ } else if let dnsTLSServerName = tunnelConfiguration.interface.dnsTLSServerName {
+ let dotSettings = NEDNSOverTLSSettings(servers: dnsServerStrings)
+ dotSettings.serverName = dnsTLSServerName
+ dnsSettings = dotSettings
+ } else {
+ dnsSettings = NEDNSSettings(servers: dnsServerStrings)
+ }
+
 dnsSettings.searchDomains = tunnelConfiguration.interface.dnsSearch
 if !tunnelConfiguration.interface.dns.isEmpty {
 dnsSettings.matchDomains = [""] // All DNS queries must first go through the tunnel's DNS
 }
+
 networkSettings.dnsSettings = dnsSettings
 }
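Review bot: The DoH/DoT selection is nested inside the existing guard `if !tunnelConfiguration.interface.dnsSearch.isEmpty || !tunnelConfiguration.interface.dns.isEmpty`, so an interface that sets `dnsHTTPSURL` or `dnsTLSServerName` but has empty `dns` and `dnsSearch` never reaches `networkSettings.dnsSettings = dnsSettings`, and the encrypted-DNS request is dropped without an error. That is a fail-open case: the tunnel presumably comes up with whatever resolver the system already uses. Either reject such a configuration where it is parsed, or at minimum surface it here, e.g. `else if tunnelConfiguration.interface.dnsHTTPSURL != nil || tunnelConfiguration.interface.dnsTLSServerName != nil { /* log: encrypted DNS configured without DNS servers; not applied */ }`. `NEDNSOverHTTPSSettings` and `NEDNSOverTLSSettings` also require iOS 14 / macOS 11, so if the package's deployment target (not visible here) is lower, the two new branches need an `if #available` check. The enclosing method starts and ends outside the hunk.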