DoH vs. DoT explained
DoT stands for DNS over TLS: the DNS protocol is carried over TLS. TLS is one of the most widely used encryption protocols on the Internet, and HTTPS relies on it for its security. Compared with the traditional UDP mode, which is connectionless and unencrypted, TLS provides confidentiality and integrity.
DoH stands for DNS over HTTPS: the DNS protocol is carried over HTTPS. Its security principles are the same as DoT's, except that DoH is encapsulated in HTTPS and is therefore more versatile. DNS over HTTPS is a standard that is still in the proposed stage, published by the IETF as RFC 8484 (October 2018).
DoT connects to DNS servers via TLS on a dedicated port, while DoH uses the HTTPS application-layer protocol to send queries to a specific HTTP endpoint on the HTTPS port. The DoT port number is 853; the DoH port number is 443.
1. Domestic service providers
1. Alibaba public DNS
The DNS provided by Alibaba, in the testing phase, is contaminated.
DoT address:
dns.alidns.com
223.5.5.5
223.6.6.6
DoH address:
RFC8484 Address:
https://dns.alidns.com/dns-query
https://223.5.5.5/dns-query
https://223.6.6.6/dns-query
JSON address:
https://dns.alidns.com/resolve
https://223.5.5.5/resolve
https://223.6.6.6/resolve
http://dns.alidns.com/resolve
http://223.5.5.5/resolve
http://223.6.6.6/resolve
2. DnsPod public DNS
The DNS provided by Tencent, in the testing phase, is contaminated.
DoT address: dns.pub or doh.pub
DoH address:
3. 360 DNS
The DNS provided by 360, the DoH service address built into the 360 browser, is contaminated.
DoT address: dot.360.cn
DoH address: doh.360.cn
Developer calls:
DoH can be called in two ways: RFC8484 and JSON:
RFC8484:
JSON:
4. China's next-generation Internet public DNS
DoT address: dns.cfiec.net
DoH address:
5. Redfish DNS
DoT address: rubyfish.cn
DoH address:
6. GEEKDNS
Public-welfare site with no stability commitment; supports EDNS-Client-Subnet.
DoH address (domestic):
DoH address (abroad):
2. Foreign service providers
1. Cloudflare public DNS
Resolution servers from Cloudflare, a well-known cloud service provider.
DoT address:
1.1.1.1
1.0.0.1
cloudflare-dns.com
DoH address:
https://1.1.1.1/dns-query
https://1.0.0.1/dns-query
https://1dot1dot1dot1.cloudflare-dns.com
2. Google public DNS
DoT address:
dns.google
8.8.8.8
8.8.4.4
DoH address:
RFC8484(GET/POST):
https://dns.google/dns-query
https://8.8.8.8/dns-query
https://8.8.4.4/dns-query
JSON(GET):
https://dns.google/resolve
https://8.8.8.8/resolve
https://8.8.4.4/resolve
3. DNS.SB
The server is located abroad, but the delay is considerable, and EDNS-Client-Subnet is supported.
DoT address:
dns.sb
185.222.222.222
185.184.222.222
2a09::
2a09::1
DoH address:
4. AdGuard DNS
There is ad blocking, Anycast is used, and nodes exist in many places around the world.
DoT address:
Default server: dns.adguard.com
Home Protection Server: dns-family.adguard.com
Non-filtered servers: dns-unfiltered.adguard.com
DoH address:
Default server:
Home Protection Server:
Non-filtered servers:
DNS-over-QUIC address:
Default server: quic://dns.adguard.com
Home Protection Server: quic://dns-family.adguard.com
Non-filtered servers: quic://dns-unfiltered.adguard.com
DNSCrypt address:
Default server: sdns://AQIAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20
Home Protection Server: sdns://AQIAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMjo1NDQzILgxXdexS27jIKRw3C7Wsao5jMnlhvhdRUXWuMm1AFq6ITIuZG5zY3J5cHQuZmFtaWx5Lm5zMS5hZGd1YXJkLmNvbQ
Non-filtered server: sdns://AQcAAAAAAAAFDE3Ni4xMDMuMTMwLjEzNjo1NDQzILXoRNa4Oj4-EmjraB--pw3jxfpo29aIFB2_LsBmstr6JTIuZG5zY3J5cHQudW5maWx0ZXJlZC5uczEuYWRndWFyZC5jb20
Use Postman to test Cloudflare's DNS over HTTPS
Cloudflare's DNS over HTTPS endpoint also supports the JSON format for querying DNS data. Because the Internet Engineering Task Force (IETF) has not agreed on a JSON schema for DNS over HTTPS, Cloudflare chose to follow the same schema as Google's DNS over HTTPS resolver.
Queries in JSON format are sent using GET requests. When making a request using GET, the DNS query is encoded into the URL. The client should include an Accept HTTP request header with the MIME type application/dns-json to indicate that it is able to accept a JSON response from the DNS over HTTPS resolver.
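The two DoH request styles listed above (RFC8484 and JSON), built as GET requests in Python. This is an added example, not code from the original post: the helper names and the sample response are constructed, the endpoints are ones listed above, and plain http endpoints are rejected because they would carry the query without TLS.

```python
import base64
import json
import struct
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

QTYPES = {"A": 1, "AAAA": 28, "TXT": 16}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def _require_https(endpoint):
    # DoH only protects the query when the endpoint is reached over TLS.
    if urlsplit(endpoint).scheme != "https":
        raise ValueError(f"not an https endpoint: {endpoint}")

def wire_query(name, qtype="A"):
    """DNS query in RFC 1035 wire format: ID 0 (as RFC 8484 suggests), RD set."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("idna").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", QTYPES[qtype], 1)  # class IN

def rfc8484_get(endpoint, name, qtype="A"):
    """RFC 8484 GET: wire-format query, base64url-encoded without padding."""
    _require_https(endpoint)
    dns = base64.urlsafe_b64encode(wire_query(name, qtype)).rstrip(b"=").decode()
    return Request(f"{endpoint}?dns={dns}", headers={"Accept": "application/dns-message"})

def json_get(endpoint, name, qtype="A"):
    """JSON GET: query encoded as URL parameters, JSON requested via Accept."""
    _require_https(endpoint)
    query = urlencode({"name": name, "type": qtype})
    return Request(f"{endpoint}?{query}", headers={"Accept": "application/dns-json"})

def parse_json_answer(body):
    """Return (name, type, TTL, data) tuples; raise on a non-zero DNS RCODE."""
    doc = json.loads(body)
    if doc["Status"] != 0:
        raise LookupError(RCODES.get(doc["Status"], f"RCODE {doc['Status']}"))
    return [(a["name"], a["type"], a["TTL"], a["data"]) for a in doc.get("Answer", [])]

# Constructed sample response in the Google/Cloudflare JSON schema (not captured traffic).
SAMPLE = ('{"Status": 0, "Question": [{"name": "example.com", "type": 1}], '
          '"Answer": [{"name": "example.com", "type": 1, "TTL": 300, '
          '"data": "192.0.2.10"}]}')

if __name__ == "__main__":
    req = json_get("https://1.1.1.1/dns-query", "example.com")
    print(req.full_url, req.get_header("Accept"))
    print(rfc8484_get("https://dns.google/dns-query", "www.example.com").full_url)
    print(parse_json_answer(SAMPLE))
```

Passing either Request object to urllib.request.urlopen sends the query; the RFC8484 response body is a wire-format DNS message, while the JSON response can be fed to parse_json_answer.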