DNS over TLS (DoT) / DNS over HTTPS (DoH)

In addition to the classic, recursive name servers (DNS resolvers), SCC also provides DNS resolvers for use via TLS (DNS over TLS) and HTTPS (DNS over HTTPS) as part of a trial operation.

These can be configured instead of or in addition to the classic name servers, depending on the application or operating system. When using DNS over TLS and DNS over HTTPS, DNS requests to the DNS servers are encrypted by the end system and the identity of the DNS servers is verified, resulting in improved privacy and security.

The service is provided over IPv6 only.

DNS over TLS

The DNS over TLS service is available at the following IP addresses within KITnet:

  • 2a00:1398::53:853:1
  • 2a00:1398::53:853:2

The hostname used is dot.scc.kit.edu. Depending on the application or operating system, it can or must be specified so that the identity of the DNS server can be verified.

DNS over HTTPS

The DNS over HTTPS service is available at the URL https://doh.scc.kit.edu/dns-query within KITnet.

Alternatively, the following IP addresses can be configured:

  • 2a00:1398::53:443:1
  • 2a00:1398::53:443:2

The hostname used is doh.scc.kit.edu. Depending on the application or operating system, it can or must be specified so that the identity of the DNS server can be verified.

Operating system/application support

The following is a list of operating systems and applications known to support DNS over TLS or DNS over HTTPS.

  • Android: Support for DNS over TLS since Android 9 via system settings.
  • Linux: Support for DNS over TLS through current versions of systemd-resolved.
  • Windows 11: Support for DNS over HTTPS after manual registration of the DNS over HTTPS servers.
  • iOS and macOS: Support for DNS over HTTPS since iOS 14 and macOS 11 via configuration profiles.

systemd-resolved

File /etc/systemd/resolved.conf:

[Resolve]
DNS=2a00:1398::53:853:1#dot.scc.kit.edu 2a00:1398::53:853:2#dot.scc.kit.edu

DNSOverTLS=yes
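
In systemd-resolved, DNSOverTLS=yes is the strict mode, while DNSOverTLS=opportunistic falls back to unencrypted DNS and does not authenticate the server; the name after "#" in DNS= is what the server certificate is checked against. The following check for both settings is an added example, not part of the original page or of SCC's tooling; the function names parse_resolve and audit and the two sample configurations are constructed for illustration, and an unset DNSOverTLS is assumed to default to "no".

```python
"""Audit a systemd-resolved config for strict, name-verified DNS over TLS."""
# Constructed sample inputs (not taken from a real host).
GOOD = """\
[Resolve]
DNS=2a00:1398::53:853:1#dot.scc.kit.edu 2a00:1398::53:853:2#dot.scc.kit.edu
DNSOverTLS=yes
"""
WEAK = """\
[Resolve]
DNS=2a00:1398::53:853:1 2a00:1398::53:853:2#dot.scc.kit.edu
DNSOverTLS=opportunistic
"""

def parse_resolve(text):
    """Return (dns_servers, dns_over_tls) from the [Resolve] section."""
    # Assumption: an unset DNSOverTLS= behaves like "no" (distributions may differ).
    servers, mode, section = [], "no", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Resolve" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "DNS":
            # Repeated DNS= lines accumulate; an empty value resets the list.
            servers = servers + value.split() if value else []
        elif key == "DNSOverTLS":
            mode = value.lower()
    return servers, mode

def audit(text, expected_name="dot.scc.kit.edu"):
    """List findings that weaken encryption or server identity checks."""
    servers, mode = parse_resolve(text)
    findings = []
    if mode not in ("yes", "true", "1", "on"):
        findings.append(f"DNSOverTLS={mode}: queries may be sent in plaintext")
    for entry in servers:
        address, _, name = entry.partition("#")
        if name != expected_name:
            findings.append(f"{address}: certificate name is {name or 'unset'}")
    return findings

if __name__ == "__main__":
    for label, conf in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit(conf) or "ok")
```

To check a real host, pass the contents of /etc/systemd/resolved.conf to audit(); drop-in files under resolved.conf.d are not read by this example.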

 

Firefox and Thunderbird

Native support for DNS over HTTPS.

Settings → Network Settings → Settings...

  • Enable DNS over HTTPS: Yes
  • Use provider: Custom
  • Custom: https://doh.scc.kit.edu/dns-query

Google Chrome

Native support for DNS over HTTPS.

Settings → Privacy and security → Use secure DNS.

  • With: Custom
  • URL: https://doh.scc.kit.edu/dns-query