Does 1.1.1.1 reply with Alt-Svc to support DNS over HTTP/3 (QUIC)?

dnscrypt-proxy just added support for DNS over HTTP/3. This works when using Google 8.8.8.8 as the upstream resolver, but not when using 1.1.1.1.

After some debugging, it seems that when Google answers requests from dnscrypt-proxy, it includes the Alt-Svc header with the correct h3 data, which is required for dnscrypt-proxy to know to switch to using DNS over HTTP/3. 1.1.1.1 does not appear to do this - no Alt-Svc header with the h3 port is included in the response from Cloudflare.

Is this something that’s known, or needs to be enabled by Cloudflare on replies from 1.1.1.1? Or does 1.1.1.1 expect something in the HTTP POST request from dnscrypt-proxy in order to include Alt-Svc?

Hi @bluescreen , thank you for raising this. There’s an issue we need to fix, and before it, you should be able to use https://cloudflare-dns.com/dns-query for DNS over HTTP/3.

(post deleted by author)

Thanks for the reply!

I’m not sure I completely follow you - has the fix been applied yet, or does it still need to be updated?

Is this an issue with using 1.1.1.1/dns-query vs Cloudflare-dns[.]com/dns-query for DNS over HTTP/3? I thought dnscrypt-proxy was already using Cloudflare-dns[.]com (because of SNI).

No, the fix has not been applied yet, meaning DNS over HTTP/3 is not enabled on https://1.1.1.1/dns-query.

Hi
Has this been fixed yet?

Is there an update on this?

Does https://dns.cloudflare.com/dns-query or https://1.1.1.1/dns-query support DNS over HTTP/3 yet?

Just a hunch - this is a newsworthy update that would need an official announcement. That includes a technical blog post, documentation, updated tools etc.

This is probably why it hasn’t fully shipped yet.

Hi @anthonyb,

You should be able to use https://cloudflare-dns.com for DNS over HTTP/3.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.