diff --git a/internal/configuration/settings/dns.go b/internal/configuration/settings/dns.go
index acd57ce5..4bf62b06 100644
--- a/internal/configuration/settings/dns.go
+++ b/internal/configuration/settings/dns.go
@@ -61,7 +61,7 @@ var (
 )
 
 func (d DNS) validate() (err error) {
-	if !helpers.IsOneOf(d.UpstreamType, "dot", "plain") {
+	if !helpers.IsOneOf(d.UpstreamType, "dot", "doh", "plain") {
 		return fmt.Errorf("%w: %s", ErrDNSUpstreamTypeNotValid, d.UpstreamType)
 	}
 
diff --git a/internal/dns/settings.go b/internal/dns/settings.go
index 60309804..ae3bb6a4 100644
--- a/internal/dns/settings.go
+++ b/internal/dns/settings.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/qdm12/dns/v2/pkg/doh"
 	"github.com/qdm12/dns/v2/pkg/dot"
 	cachemiddleware "github.com/qdm12/dns/v2/pkg/middlewares/cache"
 	"github.com/qdm12/dns/v2/pkg/middlewares/cache/lru"
@@ -55,6 +56,15 @@ func buildServerSettings(settings settings.DNS,
 		if err != nil {
 			return server.Settings{}, fmt.Errorf("creating DNS over TLS dialer: %w", err)
 		}
+	case "doh":
+		dialerSettings := doh.Settings{
+			UpstreamResolvers: upstreamResolvers,
+			IPVersion:         ipVersion,
+		}
+		dialer, err = doh.New(dialerSettings)
+		if err != nil {
+			return server.Settings{}, fmt.Errorf("creating DNS over HTTPS dialer: %w", err)
+		}
 	case "plain":
 		dialerSettings := plain.Settings{
 			UpstreamResolvers: upstreamResolvers,