.. _config-network-server-tls:
-DoT and DoH (encrypted DNS)
+DoT, DoH and DoQ (encrypted DNS)
---------------------------
.. warning::
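Review bot: The section underline below the new title was left unchanged, so it is now shorter than "DoT, DoH and DoQ (encrypted DNS)" (32 characters, against an underline sized for the old 27-character title). Docutils reports this as "Title underline too short", which fails a docs build that treats warnings as errors. Extend the dashes to at least the length of the new title in the same change.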
DNS-over-TLS server (:rfc:`7858`) can be configured using ``dot`` kind in
:option:`network/listen <network/listen: <list>>`. It is enabled on localhost by default.
-For certificate configuration, refer to :ref:`dot-doh-config-options`.
+For certificate configuration, refer to :ref:`dot-doh-doq-config-options`.
.. _dns-over-https:
``GET``, ``POST``, or ``HEAD``
-.. _dot-doh-config-options:
+.. _dot-doh-doq-config-options:
-Configuration options for DoT and DoH
+Configuration options for DoT, DoH and DoQ
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. note::
- These settings affect both DNS-over-TLS and DNS-over-HTTPS (including the legacy implementation).
+ These settings affect DNS-over-TLS, DNS-over-HTTPS (including the legacy implementation) and DNS-over-QUIC.
A self-signed certificate is generated by default.
For serious deployments it is strongly recommended to configure your own TLS certificates signed by a trusted CA.
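Review bot: Renaming the label ``dot-doh-config-options`` to ``dot-doh-doq-config-options`` breaks every ``:ref:`` that still uses the old name, and this patch only shows the DoT reference being updated. Search the rest of the documentation for the old label, or keep the old target as a second label on the same section so existing links still resolve. The ``^`` underline under "Configuration options for DoT, DoH and DoQ" was also left at the old title's length and needs extending to match the longer title.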
.. end
.. _pfs: https://en.wikipedia.org/wiki/Forward_secrecy
+
+.. _dns-over-quic:
+
+DNS-over-QUIC (DoQ)
+^^^^^^^^^^^^^^^^^^^^
+.. note::
+ Forwarding over QUIC is not currently supported.
+
+DNS-over-QUIC server (:rfc:`9250`) can be configured using ``doq`` kind in
+:option:`network/listen <network/listen: <list>>`.
+
+For certificate configuration, refer to :ref:`dot-doh-doq-config-options`.
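Review bot: The new DoQ section does not say whether the ``doq`` listener is enabled by default, while the DoT paragraph above states "It is enabled on localhost by default." Operators need that to know their exposure after an upgrade, so add one sentence stating the default state and the port the ``doq`` kind listens on. QUIC runs over UDP, which is worth saying explicitly for anyone writing firewall rules from this page. The note that forwarding over QUIC is not supported would also read better after the sentence that introduces the server than directly under the heading.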