QUIC settings with AdGuard

Does anyone know if "quic://" and "853" are still mandatory in the address when you add NextDNS within AdGuard DNS settings?

quic://iPhone-userID.dns.nextdns.io:853

12 replies

    • Martheen
    • 3 mths ago

    The protocol prefix is still mandatory, otherwise, it can't tell whether you want to use DoT or DoQ. By now it will automatically assume port 853 for both DoT & DoQ if the port number isn't specified.

    • xor.1
    • 3 mths ago

    Yes, the quic:// scheme (or protocol) is required if you want to use DoQ in AdGuard DNS and as Martheen pointed out, the port number does not need to be specified:

     

    quic://Device--Name-ID.dns.nextdns.io (DoQ)

    h3://dns.nextdns.io/ID/Device%20Name (force DoH/3)

    tls://Device--Name-ID.dns.nextdns.io (DoT)

    https://dns.nextdns.io/ID/Device%20Name (DoH/3, DoH fallback)

      • Pierre_Cartier
      • 3 mths ago

      I tried the h3 format but it returns an "invalid upstream". Are you sure of it?

      However, the same format as QUIC seems to work: h3://Device-ID.dns.nextdns.io

       

      {
      "status": "ok",
      "protocol": "DOH3",
      "client": "ID",
      "srcIP": "ID",
      "anycast": false,
      "server": "anexia-ath-1",
      "clientName": "unknown-doh3"
      }
      • xor.1
      • 3 mths ago

      Hi, the `h3://` format is working for me. Maybe double-check the syntax or ensure everything is set up correctly on your end.

      The syntax for DoQ and DoT is the same, just as the syntax for DoH3 and DoH is identical.

      Confirm that you are using the following as your bootstrap upstreams:

      45.90.28.0
      45.90.30.0

      • Pierre_Cartier
      • 3 mths ago

      Very strange, because after trying to save it several times it suddenly worked 🤷🏻‍♂️

      I typed: h3://iPhone-ID.dns.nextdns.io

      Regarding the bootstrap I used the DNS Servers IP from my profile. Wrong?

       

      45.90.28.XXX

      45.90.30.XXX

      Is yours a generic one?

      Shouldn't I use the one above?

      • xor.1
      • 3 mths ago

      Using h3://iPhone-ID.dns.nextdns.io is incorrect. Check your Devices in the Analytics tab to see whether your iPhone is listed. Your "deviceName" will show up in test.nextdns.io if it is properly configured. Also, you can check your logs to see if your device name is properly detected. You should use NextDNS's IPv4 addresses as the bootstrap and not your profile IPv4 addresses.

    • Pierre_Cartier
    • 3 mths ago

    @xor FYI

      • xor.1
      • 3 mths ago

      AdGuard will try to validate the custom (secure) DNS server using the bootstrap DNS server. Just use 45.90.28.0 or 45.90.30.0 as the bootstrap upstreams and you're all set.

      • Pierre_Cartier
      • 3 mths ago

      Thanks. However, just for my own information I'd like to understand why 45.90.28.0 instead of my own NextDNS IP profile. Don't wanna die stupid 😉

      • xor.1
      • 3 mths ago

      The following is quoted from https://adguard.com/kb/adguard-for-windows/solving-problems/dns-leaks/#bootstrap-dns-address:

      Bootstrap DNS address

      The DNS server addresses could be written as IPs or as domain names. In the case of IP addresses there are no difficulties: AdGuard forwards the DNS request directly to the server specified in the DNS protection module. However, encrypted DNS server addresses, like DoT or DoH, are most often written as domain names. In this case, to first resolve the encrypted DNS server address, AdGuard sends a DNS query to the bootstrap address, which is by default a system DNS server. This connection is what check services perceive as a leak.

      To eliminate this leak:

      • go to the Advanced settings
      • scroll down to the List of custom bootstrap addresses section
      • enter the custom bootstrap address in IP address format (you may use the list of known DNS providers)
      • click Save

      Basically, bootstrap servers are used to resolve the address of the encrypted server address and to avoid DNS leaks it would be better to use NextDNS's DNS server than other DNS resolvers like Cloudflare, Quad9, Google, etc. Of course, you may also use your profile IPv4 addresses if it makes you comfortable.

      I suggested using NextDNS's DNS addresses for convenience, so you don't have to memorize the multiple IP addresses associated with your profile. There's no difference between using your custom IP address and the NextDNS DNS address since both are provided by NextDNS.

      • Pierre_Cartier
      • 3 mths ago

       For the fun of it I asked ChatGPT 😁

      "When configuring NextDNS, it's generally recommended to use your specific NextDNS IP profile for the bootstrap setting. This ensures that your DNS queries are routed correctly according to your configured settings.

      If you have any specific requirements or troubleshooting needs, you might consider using the alternative IP address like 45.90.28.0."

      • xor.1
      • 3 mths ago

      My reply to your question is still pending review because it contained a URL.

      Basically, bootstrap servers are used to resolve the address of the encrypted server address and to avoid DNS leaks it would be better to use NextDNS's DNS server than other DNS resolvers like Cloudflare, Quad9, Google, etc. Of course, you may also use your profile IPv4 addresses if it makes you comfortable.

      I suggested using NextDNS's DNS addresses for convenience, so you don't have to memorize the multiple IP addresses associated with your profile. There's no difference between using your custom IP address and the NextDNS DNS address since both are provided by NextDNS.
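
An added example, not part of any post in this thread and not AdGuard's or NextDNS's code: a Python check that classifies an upstream address by the prefixes discussed above, fills in the default port, and flags a hostname upstream that would be resolved through the system DNS server because no IP bootstrap is configured. The function names and the 443 default for `https://` and `h3://` are assumptions; 853 for DoT and DoQ is what the thread states.

```python
import ipaddress
from urllib.parse import urlsplit

# Prefix -> (protocol, default port). 853 for DoT/DoQ is stated in the thread;
# 443 for https:// and h3:// is the HTTPS default (assumption, not from the thread).
SCHEMES = {"quic": ("DoQ", 853), "tls": ("DoT", 853),
           "https": ("DoH", 443), "h3": ("DoH3", 443)}


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_upstream(address):
    """Classify one upstream address; raise ValueError if it is ambiguous."""
    if "://" not in address:
        if is_ip(address):  # bare IP: plain DNS, nothing to resolve first
            return {"protocol": "plain", "host": address, "port": 53,
                    "needs_bootstrap": False}
        # A bare hostname cannot say whether DoT or DoQ is wanted.
        raise ValueError(f"{address}: protocol prefix is required")
    parts = urlsplit(address)
    if parts.scheme not in SCHEMES or not parts.hostname:
        raise ValueError(f"{address}: unsupported prefix or missing host")
    protocol, default_port = SCHEMES[parts.scheme]
    return {"protocol": protocol, "host": parts.hostname,
            "port": parts.port or default_port,
            "needs_bootstrap": not is_ip(parts.hostname)}


def audit(upstreams, bootstraps):
    """Return findings for an upstream list plus custom bootstrap list."""
    findings = [f"{b}: bootstrap must be an IP address"
                for b in bootstraps if not is_ip(b)]
    have_ip_bootstrap = any(is_ip(b) for b in bootstraps)
    for upstream in upstreams:
        try:
            info = parse_upstream(upstream)
        except ValueError as err:
            findings.append(str(err))
            continue
        if info["needs_bootstrap"] and not have_ip_bootstrap:
            findings.append(f"{upstream}: host would be resolved by the "
                            "system DNS server (seen as a DNS leak)")
    return findings
```
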
