Saucepan

User Tools

Site Tools

Trace: grid_join bind_configure_guide dynamic_dns wireshark ocsp firewall_rules high_availability url-filtering
dns:dot_doh

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
dns:dot_doh [2024/04/30 07:15] bstafforddns:dot_doh [2025/07/28 20:58] (current) – [Quad9 DoH] bstafford
Line 2: Line 2:
 [[https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet|Firefox Canary domain]]. If it returns an IP, DoH will be used [[https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet|Firefox Canary domain]]. If it returns an IP, DoH will be used
 <code>use-application-dns.net</code> <code>use-application-dns.net</code>
 +
 +[[https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers|Public list of DoH servers]].
 +
  
 ===== Google DoH ===== ===== Google DoH =====
 Official [[https://developers.google.com/speed/public-dns/docs/doh|documentation]] Official [[https://developers.google.com/speed/public-dns/docs/doh|documentation]]
-<code>https://dns.google/dns-query=www.google.com</code>+Interactive web page [[https://dns.google|here]]. Add ''-v'' for verbose mode. 
 +<code>curl -H "accept: application/dns-json" "https://dns.google/resolve?name=www.google.com&type=A"</code> 
 + 
 +Note: There is also a human-friendly web interface at https://dns.google/. This web app displays JSON results in a browser but does not implement an API; do not confuse its https://dns.google/query? URLs with the two API URLs. 
 +It will return the following 
 +<code>{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"www.google.com.","type":1}],"Answer":[{"name":"www.google.com.","type":1,"TTL":128,"data":"172.217.16.228"}]}</code> 
 + 
 +Which breaks out to 
 +<code>
 +    "Status":0, 
 +    "TC":false, 
 +    "RD":true, 
 +    "RA":true, 
 +    "AD":false, 
 +    "CD":false, 
 +    "Question": 
 +    [ 
 +        { 
 +            "name":"www.google.com.", 
 +            "type":
 +        } 
 +    ], 
 +    "Answer": 
 +    [ 
 +        { 
 +            "name":"www.google.com.", 
 +            "type":1, 
 +            "TTL":128, 
 +            "data":"172.217.16.228" 
 +        } 
 +    ] 
 +}</code> 
 +===== Cloudflare DoH ===== 
 +Add ''-v'' for verbose mode. 
 +<code>curl -H "accept: application/dns-json" "https://cloudflare-dns.com/dns-query?name=www.google.com&type=A"</code> 
 +Response is the same as for Google (above) but doesn't have the extra . at the end of the domains. 
 + 
 +===== Quad9 DoH ===== 
 +<code>curl -H "accept: application/dns-json" "https://dns.quad9.net/dns-query?name=www.google.com&type=A"</code> 
 +===== Infoblox B1TD DoH ===== 
 +Following RFC, the endpoint should receive a base64 encoded HTTP friendly DNS packed. 
 +<code>https://f11a1d22-ebec-2222-1111-52992759684b.doh.threatdefense.infoblox.com/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB</code> 
 +Test with dog 
 +<code>dog lookup.dog -H @https://f11a1d22-ebec-2222-1111-52992759684b.doh.threatdefense.infoblox.com/dns-query</code>
dns/dot_doh.1714461307.txt.gz · Last modified: by bstafford