Limitations

Given here are the limitations for DNS-over-HTTPS of Cisco Security for Chromebook client.

Limitation	Description
Internal Domains	ChromeOS does not allow configuration of customers' internal domains, which affects configurations involving split domains or split brain DNS configurations. However, if DNS-over-HTTPS (DoH) cannot resolve internal domains, ChromeOS does a local resolution as a backup. To address this situation, you can use the "DNS-over-HTTPS with insecure fallback" configuration in Google Workspace. For detailed steps, see Enabling DNS-over-HTTPS with Insecure Fallback guide.
Virtual Appliance	Virtual Appliance (VA) detection and backoff is not supported by the DNS-over-HTTPS based solution because of ChromeOS limitations. However, customers should not face any issues with DNS resolutions in Chromebooks because of this limitation.

Limitation

Description

Internal Domains

ChromeOS does not allow configuration of customers' internal domains, which affects configurations involving split domains or split brain DNS configurations. However, if DNS-over-HTTPS (DoH) cannot resolve internal domains, ChromeOS does a local resolution as a backup. To address this situation, you can use the "DNS-over-HTTPS with insecure fallback" configuration in Google Workspace. For detailed steps, see Enabling DNS-over-HTTPS with Insecure Fallback guide.

Virtual Appliance

Virtual Appliance (VA) detection and backoff is not supported by the DNS-over-HTTPS based solution because of ChromeOS limitations. However, customers should not face any issues with DNS resolutions in Chromebooks because of this limitation.

Prerequisites > Limitations > Google Workspace Identity Service