DNS Over QUIC (DoQ) Now Available

📅 Published: October 25, 2025 ✍️ By Unruly Citizen Team ⏱️ 6 min read

We've expanded our encrypted DNS infrastructure. Now supporting DoT, DoH, and DoQ on port 784.

Complete Encrypted DNS Coverage

Today, we're announcing full support for DNS over QUIC (DoQ), the latest encrypted DNS protocol. This means our users now have complete encrypted DNS coverage across all modern protocols.

         What's New
        DNS over QUIC (DoQ) on port 784
Faster, lower-latency DNS queries
Better multiplexing for high-volume users
CVE-2025-11411 security patch applied
Zero-logging policy maintained across all protocols

      

Understanding DoQ: The Next Generation

QUIC is the next-generation internet protocol that powers HTTP/3. It addresses many limitations of TCP/TLS, particularly for DNS queries:

Why DoQ Matters

Speed: Lower latency compared to TCP-based DoT
Efficiency: Better connection multiplexing for multiple queries
Reliability: Connection migration improves mobile experience
Privacy: Same encryption level as DoT/DoH with improved performance
Future-Proof: Emerging standard for privacy-conscious applications

How to Use DoQ

If you're already using our DoT/DoH services, switching to DoQ is simple:

# DoQ Configuration
# Server: xyz01-srv.unrulycitizen.com
# Port: 784
# Protocol: DNS over QUIC

# Using kdig (Knot DNS tools):
kdig @xyz01-srv.unrulycitizen.com +quic example.com

# Using getdns CLI:
getdns_query -l -p @xyz01-srv.unrulycitizen.com +dnssec example.com
      

Client support for DoQ is growing rapidly. Check the Knowledge Base for detailed configuration guides for your device.

All Encrypted DNS Protocols Now Supported

We now provide complete encrypted DNS support across three major protocols:

         Our Encrypted DNS Portfolio
        DoT (DNS over TLS) - Port 853 | Mature standard, widely supported
DoH (DNS over HTTPS) - Port 443 | Browser and mobile friendly
DoQ (DNS over QUIC) - Port 784 | Next-generation, high performance

      

No matter which protocol you choose, you get the same benefits: encrypted queries, zero logging, and maximum privacy.

Security Update: CVE-2025-11411

Security Patch Applied

CVE-2025-11411: Possible domain hijacking via promiscuous records in the authority section

Status: ✓ Patched and Deployed

We've proactively patched this vulnerability affecting DNS resolvers. Our infrastructure now includes protections against malicious authority records that could compromise query integrity. This applies to all our encrypted DNS services (DoT, DoH, and DoQ).

What This Means for Your Privacy

With DoQ, DoH, and DoT support, you have complete freedom to choose how your DNS queries are encrypted. Whether you prioritize speed (DoQ), browser integration (DoH), or traditional reliability (DoT), we've got you covered.

Our zero-logging policy remains absolute across all protocols. We don't store your DNS queries, don't track your browsing, and don't sell your data. Period.

Getting Started

Ready to use DoQ? Start here:

Check device support: Not all clients support DoQ yet. Visit our Knowledge Base for compatibility info
Get server details: DoQ endpoint is xyz01-srv.unrulycitizen.com:784
Configure your client: Use kdig, getdns, or your application's DoQ settings
Test your connection: Verify encrypted queries are working properly

See Our Full DoT/DoH Status

Monitor real-time status of all our encrypted DNS services

View Encrypted DNS Status →

The Resistance Continues

DoQ represents the next evolution in privacy technology. As surveillance becomes more sophisticated, so do the tools we build to resist it. With DoT, DoH, and DoQ, you have enterprise-grade privacy tools that major tech companies still aren't offering to consumers.

This is what resistance looks like. Encrypted. Private. Free.

Have questions? Join our community forums or reach out to contact@unrulycitizen.com