Is DoH3 in production and working?
27 replies
-
I’ve noticed that the doh3.dns.NextDNS.io endpoint isn’t doing DOH3 for me anymore from Edge or Firefox. Not sure when it stopped working but it used to do doh3 from those browsers.
-
Chris Leidich So I am not the only one.
DoH3 and DoQ not working not a good time to be be at NextDNS
-
Chris Leidich most recent staff response from a few weeks ago,
"Our apps will stay on DoH, leveraging Quic (DoH3) when available. DoH is more efficient when redundant metadata needs to be transported with the queries (client name etc)."
-
- Pro Subscriber
Greg B. I read in an old thread that you have to manually instruct the CLI to use DOH3 by telling it to use doh3.dns.nextdns.io. Anyone known how do to that?! The only input asked for when installing it is the config-ID and cache settings so can't figure out what to do...
- Pro Subscriber
-
Jörgen I just read on Reddit that DoH3 was abandoned for DoQ. Then, DoH3 is now dead. So, I am pretty confused. Also, CLI is irrelevant for my usage.
-
Greg B. DoH3 isn't DoQ. Specifying the transmission of an application over QUIC requires specifying how the application's messages are mapped to QUIC streams, and generally how the application will use QUIC. This is done for HTTP/3. Also, QUIC connection includes the negotiation of security parameters using TLS. Then, transmitting DNS messages over QUIC will provide essentially the same privacy protections as DoT.
FYI, DoH can also be used with HTTP/3 to get some of he benefits of QUIC, DoH3 :)
Also, you must choose either DoT/DoQ or DoH in NextDNS settings.
-
- Pro Subscriber
Pierre Cartier It sure feels like a real mess right now what is working and not. We are technical users, but how would the majority of "normal" users ever understand and sort these things out.
I'm using DoT right now and it works quite well, but would be nice to try "NextGen" Quic-based queries since the technologies are in place according to NextDNS team. Maybe check back in a few years if things have been sorted out then
- Pro Subscriber
-
Jörgen I was initially on DoQ and switched to DoH because DoQ wasn't working anymore. But chaging port 8853 to 853 solved the problem. Then, I switched back to DoQ. You could give a try.
{ "status": "ok", "protocol": "DOQ", "profile": "xxxx", "client": "xxxxxxxx", "srcIP": "xxxxxxxxx", "destIP": "xxxxxxxxxx", "anycast": false, "server": "netbarista-par-1", "clientName": "unknown-doq", "deviceName": "iPad", "deviceID": "xxxx" }anexia-par 1 ms (anycast2, ultralow1)
■ netbarista-par 1 ms (anycast1, ultralow2)
anexia-lux 6 ms
virtua-par 7 ms
zepto-lon 7 ms
vultr-lon 9 ms
anexia-mrs 11 ms
fusa-bru 11 ms
zepto-mrs 11 ms
zepto-bru 28 ms
-
- Pro Subscriber
Pierre Cartier Are you having the NextDNS-servers in your basement?! 1 ms is pretty good... ;-)
I guess you are using the AdGuard app?! I would like to setup DoH3 on router-level (using ASUS Merlin) for my whole network. Tried the CLI but it only used DOH even if I turned off all options like client-reporting. Will celebrate the day I manage to get DOH3 as the protocol with test.nextdns.io
- Pro Subscriber
-
Jörgen Yes I do use AdGuard Pro on iOS and macOS and I have 1Gb optical fiber. 980Mb in RJ45 and around 500Mb in Wi-Fi 5Ghz.
My configuration is the same on all platforms except on the Apple TV where obviously there is no VPN but where I installed NextDNS configuration file.
On my Firestick only Windscribe is installed. Because I jailbreak it installing NextDNS might caused too many problems with certain movies applications...
Regarding the router I have an Airport Extreme, so I just could add NextDNS IPv4 and IPv6 addresses.
-
- Pro Subscriber
Pierre Cartier Any tips how you get DoQ with the AdGuard Pro client on iOS/iPadOS? Can get it to work…
I found the setting if selecting AdGuard own servers, but not if I create a custom server pointing to NextDNS - Pro Subscriber
-
- Pro Subscriber
Jörgen I figured it out... :-)
- Pro Subscriber
-
Jörgen excellent! FYI I also installed NextDNS configuration file on all my devices in case of a bypass by my VPN or AdGuard. It didn't hurt and everything works fine.
-
- Pro Subscriber
Pierre Cartier Same here... :-) Installed Apple Configuration Profiles on all devices as a failsafe.
Thinking about installing AdGuard Home on my router to get full DoQ for my whole network, but seems a bit overkill since I only want it to handle DoQ traffic to NextDNS.
https://www.snbforums.com/threads/release-asuswrt-merlin-adguardhome-installer-amaghi.76506/
Also found a DNS Proxy from AdGuard which looks really promising if it could be run on my router. Will maybe try it on a rainy day...
- Pro Subscriber
-
Jörgen Good for you! I am retty limited regarding the router because I own an Airport Extreme. So I just could add NextDNS IPv4 and IPv6. But still happy and I don't feel the need to get a new one.
-
- Pro Subscriber
Pierre Cartier I understand... I did a "Proof of concept" today and managed to get a DNS-proxy running DoQ on my ASUS Router for the whole network. Quite cool to see it works, but still some minor issues to fix.
Will probably switch back to DoT for my network and use DoQ on my roaming clients.
- Pro Subscriber
-
Jörgen Glad to hear mate. That's the way to go
-
-
No answer from NextDNS staff?
A bit a transparency would be much appreciated. Thanks. -
Android just got updated to support DoH3, but it seems only google and cloudflare are supported currently :(
https://twitter.com/MishaalRahman/status/1549488111045967872
let's hope NextDNS team can reach out and let google know -
Looks like Doh3 will be available to billions of people within the next few days (If not already) Unfortunately they added
"Google DNS and Cloudflare DNS at launch, others may be added in the future."https://security.googleblog.com/2022/07/dns-over-http3-in-android.html
-
Hi. I started with NextDNS a few days ago. Everything fine so far, but what I don't understand is the issue with DoH3 and working or not?
Tried it with different profile downloads on several devices.
Results:
- 3rd install of macOS Profile results in using DOH3 (DNS over HTTP/3) requests nearly all the time (why no DNS over HTTPS/3?)
- with iOS I tried it several times with iOS Profiles and its always only DNS over HTTS
So why does it need several attempts to work with macOS and why doesn't it work with iOS?I would really like to understand what is going on behind the scenes.
-
Anyone got DoQ working on dnscrypt-proxy?
Content aside
- 3 days agoLast active
- 27Replies
- 3886Views
-
14
Following