diff --git a/proton/vpn/backend/networkmanager/protocol/openvpn/openvpn.py b/proton/vpn/backend/networkmanager/protocol/openvpn/openvpn.py
index 4d3640b..e448719 100644
--- a/proton/vpn/backend/networkmanager/protocol/openvpn/openvpn.py
+++ b/proton/vpn/backend/networkmanager/protocol/openvpn/openvpn.py
@@ -235,6 +235,7 @@ def _modify_connection(self, private_key_passphrase):
 """
 self._set_custom_connection_id()
 self._set_connection_user_owned()
+ self._disable_dns_over_tls()
 self._set_server_certificate_check()
 self._set_dns()
 self._set_vpn_cert_credentials(private_key_passphrase)
@@ -258,6 +259,18 @@ def _set_connection_user_owned(self):
 None
 )
 
+ def _disable_dns_over_tls(self):
+ """Disable DNS-over-TLS for this connection.
+
+ Overrides the global systemd-resolved DNSOverTLS setting so that
+ ProtonVPN's internal DNS server (plain DNS, port 53) is reachable
+ even when the system is configured with DNSOverTLS=yes.
+ """
+ self._connection_settings.set_property(
+ NM.SETTING_CONNECTION_DNS_OVER_TLS,
+ NM.SettingConnectionDnsOverTls.NO
+ )
+
 def _set_server_certificate_check(self):
 appened_domain = "name:" + self._vpnserver.domain
 self._vpn_settings.add_data_item(
diff --git a/proton/vpn/backend/networkmanager/protocol/protun/protun.py b/proton/vpn/backend/networkmanager/protocol/protun/protun.py
index d6736a8..e7b274c 100644
--- a/proton/vpn/backend/networkmanager/protocol/protun/protun.py
+++ b/proton/vpn/backend/networkmanager/protocol/protun/protun.py
@@ -90,6 +90,7 @@ def _modify_connection(self):
 self._set_interface_name()
 self._set_connection_type()
 self._set_connection_user_owned()
+ self._disable_dns_over_tls()
 self.connection.add_setting(self._connection_settings)
 self._set_route()
 
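Review bot: The new `self._disable_dns_over_tls()` call in openvpn.py's `_modify_connection` runs on every connection, with no condition and nothing in the visible lines that records the override, so a user who set DNSOverTLS=yes system-wide is moved to plaintext DNS on the VPN link without any trace. That is reasonable only while the resolver is reached inside the tunnel; if `_set_dns()` (body outside this hunk) can also install user-chosen DNS servers, the "internal DNS server" rationale does not cover them. I would state the assumption at the call site, e.g. `# Plain DNS is acceptable here only because the VPN DNS server is reached through the tunnel.` The same call is added to `_modify_connection` in protun.py and wireguard.py. `_modify_connection` starts and ends outside the hunk.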
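Review bot: `_disable_dns_over_tls` in openvpn.py reads `NM.SETTING_CONNECTION_DNS_OVER_TLS` and `NM.SettingConnectionDnsOverTls` at call time, and a libnm typelib that predates the `connection.dns-over-tls` property would raise AttributeError on that lookup. Because `_modify_connection` calls the method unconditionally, that would abort connection setup rather than just skip the override; whether the package pins a NetworkManager version new enough is not visible here. A guard as the first statement keeps older systems working: `if not hasattr(NM, "SettingConnectionDnsOverTls"): return`. The identical methods added to protun.py and wireguard.py need the same guard.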
@@ -121,6 +122,18 @@ def _set_connection_user_owned(self):
 None
 )
 
+ def _disable_dns_over_tls(self):
+ """Disable DNS-over-TLS for this connection.
+
+ Overrides the global systemd-resolved DNSOverTLS setting so that
+ ProtonVPN's internal DNS server (plain DNS, port 53) is reachable
+ even when the system is configured with DNSOverTLS=yes.
+ """
+ self._connection_settings.set_property(
+ NM.SETTING_CONNECTION_DNS_OVER_TLS,
+ NM.SettingConnectionDnsOverTls.NO
+ )
+
 def _set_route(self):
 ipv4_config = NM.SettingIP4Config.new()
 ipv6_config = NM.SettingIP6Config.new()
diff --git a/proton/vpn/backend/networkmanager/protocol/wireguard/wireguard.py b/proton/vpn/backend/networkmanager/protocol/wireguard/wireguard.py
index dadf144..1c9f77f 100644
--- a/proton/vpn/backend/networkmanager/protocol/wireguard/wireguard.py
+++ b/proton/vpn/backend/networkmanager/protocol/wireguard/wireguard.py
@@ -178,6 +178,7 @@ def _modify_connection(self):
 self._set_interface_name()
 self._set_connection_type()
 self._set_connection_user_owned()
+ self._disable_dns_over_tls()
 self.connection.add_setting(self._connection_settings)
 self._set_route()
 
@@ -209,6 +210,18 @@ def _set_connection_user_owned(self):
 None
 )
 
+ def _disable_dns_over_tls(self):
+ """Disable DNS-over-TLS for this connection.
+
+ Overrides the global systemd-resolved DNSOverTLS setting so that
+ ProtonVPN's internal DNS server (plain DNS, port 53) is reachable
+ even when the system is configured with DNSOverTLS=yes.
+ """
+ self._connection_settings.set_property(
+ NM.SETTING_CONNECTION_DNS_OVER_TLS,
+ NM.SettingConnectionDnsOverTls.NO
+ )
+
 def _set_route(self):
 ipv4_config = NM.SettingIP4Config.new()
 ipv6_config = NM.SettingIP6Config.new()
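Review bot: The `_disable_dns_over_tls` method added to protun.py is a line-for-line copy of the one added to openvpn.py and again to wireguard.py. A setting that weakens DNS transport security should be defined once, so that a later change (a condition, a version guard, a different enum value) cannot land in one protocol and be missed in the others. If the three protocol classes share a base class (not visible in these hunks), I would move the method there and keep only the call in each `_modify_connection`.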