diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index dfd326d6..9d846705 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -129,8 +129,8 @@ func Commands() []*cli.Command {
 },
 &cli.StringSliceFlag{
 Name: "upstream",
- Usage: "Upstream endpoint URL, you can specify multiple endpoints for redundancy.",
- Value: cli.NewStringSlice("https://1.1.1.1/dns-query", "https://1.0.0.1/dns-query"),
+ Usage: "Upstream endpoint URL, you can specify multiple endpoints for redundancy. If required, the Host header can be manually set by appending a hash to the URL.",
+ Value: cli.NewStringSlice("https://1.1.1.1/dns-query", "https://[2606:4700:4700::1111]/dns-query", "https://1.0.0.1/dns-query", "https://[2606:4700:4700::1001]/dns-query"),
 EnvVars: []string{"TUNNEL_DNS_UPSTREAM"},
 },
 },
@@ -934,8 +934,8 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 }),
 altsrc.NewStringSliceFlag(&cli.StringSliceFlag{
 Name: "proxy-dns-upstream",
- Usage: "Upstream endpoint URL, you can specify multiple endpoints for redundancy.",
- Value: cli.NewStringSlice("https://1.1.1.1/dns-query", "https://1.0.0.1/dns-query"),
+ Usage: "Upstream endpoint URL, you can specify multiple endpoints for redundancy. If required, the Host header can be manually set by appending a hash to the URL.",
+ Value: cli.NewStringSlice("https://1.1.1.1/dns-query", "https://[2606:4700:4700::1111]/dns-query", "https://1.0.0.1/dns-query", "https://[2606:4700:4700::1001]/dns-query"),
 EnvVars: []string{"TUNNEL_DNS_UPSTREAM"},
 Hidden: shouldHide,
 }),
diff --git a/tunneldns/https_upstream.go b/tunneldns/https_upstream.go
index 57f51deb..209e2261 100644
--- a/tunneldns/https_upstream.go
+++ b/tunneldns/https_upstream.go
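Review bot: The new Usage text on `upstream` in cmd/cloudflared/tunnel/cmd.go (and the identical text on `proxy-dns-upstream` in that file's second hunk) mentions only the Host header, but the same patch also assigns the fragment to `tls.ServerName` in tunneldns/https_upstream.go, so the fragment also selects the name the upstream certificate is verified against. "Appending a hash" can additionally be misread as a digest rather than a URL fragment. I would word it as `If required, the TLS server name and HTTP Host header can be overridden by appending a URL fragment, e.g. https://1.1.1.1/dns-query#HOSTNAME.` (HOSTNAME is a placeholder). Both flags read `TUNNEL_DNS_UPSTREAM`, so operators should know that whoever controls that variable or the config source also controls which identity is authenticated.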
@@ -35,6 +35,10 @@ func NewUpstreamHTTPS(endpoint string) (Upstream, error) {
 // Update TLS and HTTP client configuration
 tls := &tls.Config{ServerName: u.Hostname()}
+ if u.Fragment != "" {
+ // Allow server name override via anchor on the url
+ tls.ServerName = u.Fragment
+ }
 transport := &http.Transport{
 TLSClientConfig: tls,
 DisableCompression: true,
@@ -84,6 +88,10 @@ func (u *UpstreamHTTPS) exchangeWireformat(msg []byte) ([]byte, error) {
 req.Header.Add("Content-Type", "application/dns-message")
 req.Host = u.endpoint.Host
+ if u.endpoint.Fragment != "" {
+ // Allow server name override via anchor on the url
+ req.Host = u.endpoint.Fragment
+ }
 resp, err := u.client.Do(req)
 if err != nil {
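Review bot: `tls.ServerName = u.Fragment` in NewUpstreamHTTPS accepts the fragment unvalidated, and in crypto/tls ServerName is both the SNI value and the name the peer certificate is verified against, so this line replaces the URL host as the authenticated identity. The same string is reused as `req.Host` in exchangeWireformat, where a `host:port` form is legal, whereas here a value carrying a port can never match a certificate and would presumably surface only as a handshake failure at query time. I would reject that form when the upstream is built, e.g. `if _, _, err := net.SplitHostPort(u.Fragment); err == nil { return nil, fmt.Errorf("server name override %q must not include a port", u.Fragment) }` (assuming `net` and `fmt` are imported in this file), and expand the comment to `// The URL fragment overrides the TLS server name (SNI and certificate verification), e.g. when the endpoint is addressed by IP`. The function body starts and ends outside this hunk.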
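Review bot: The comment `// Allow server name override via anchor on the url` above `req.Host = u.endpoint.Fragment` in exchangeWireformat was copied from NewUpstreamHTTPS, but this line sets the HTTP Host header, not the TLS server name. I would change it to `// Override the HTTP Host header with the URL fragment so it matches the TLS server name set in NewUpstreamHTTPS`. Stating that the two overrides must come from the same value helps the next maintainer keep the Host header aligned with the certificate name that was actually verified. exchangeWireformat starts and continues outside this hunk.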