Sunday, February 19, 2023

Configuring DNS-over-QUIC and HTTPS/3 For Technitium DNS Server

Updated: 25 Mar 2023

Technitium DNS Server is cross-platform, free, open source software that is easy to deploy and use yet packs powerful features. Starting with the version 11.0 release, the DNS server supports the DNS-over-QUIC encrypted DNS protocol in addition to the existing DNS-over-TLS and DNS-over-HTTPS encrypted DNS protocols. With this update, you will be able to use the DNS-over-QUIC protocol with a forwarder or conditional forwarder, or host your own DNS-over-QUIC service.

The DNS server has also added support for HTTP/3 for both its web console and DNS-over-HTTPS service. Since HTTP/3 also uses the QUIC transport protocol, the requirements and configuration mentioned in this post also apply to it.

Let's see how to configure the DNS server to use the new QUIC transport protocol.


The DNS-over-QUIC protocol uses a very new QUIC transport protocol which is not yet available on all platforms. Currently it is available only on Windows and Linux platforms. The .NET Runtime relies on the msquic library which is an implementation of QUIC protocol by Microsoft.

For Windows

Support for QUIC on Windows is only available on the following Windows versions:

  • Windows 11 (build 22000 or later)
  • Windows Server 2022

The supported Windows versions above have msquic already installed, so no additional installation is needed. There is no option yet to use the QUIC protocol natively on Windows 10 or older versions. However, it is possible to use it on Windows 10 by using docker container deployments.

For Linux

On Linux, you need to install libmsquic to enable QUIC protocol support. You can install it using Microsoft Software Repository for Linux. You can follow the instructions given in the link to add the software repository on your distro as shown in examples below:

  • Ubuntu 22.04
    curl -sSL | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc
    sudo apt-add-repository
    sudo apt-get update
  • Raspberry Pi OS
    curl -sSL | sudo apt-key add -
    sudo apt-add-repository
    sudo apt-get update

Once you have the Microsoft Software Repository installed on your distro, you can proceed to install libmsquic. However, the libmsquic library requires openssl v1.1.1 to be installed and is currently not compatible with the openssl v3.x release that is installed by default on some newer distros like Ubuntu 22.04. You can check which openssl version you have installed by running the following command:

$ openssl version
OpenSSL 1.1.1f  31 Mar 2020

If you see output similar to that shown above, then you are all set. Raspberry Pi OS has version 1.1.1 installed, so you do not have to worry about it. If you see version 3.x installed, you will need to install version 1.1.1 for libmsquic to work.

To install openssl v1.1.1 on Ubuntu 22.04, follow the steps given below to install the pre-built binaries that are made available by Ubuntu:

sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb
sudo dpkg -i libssl-dev_1.1.1f-1ubuntu2.17_amd64.deb
sudo dpkg -i openssl_1.1.1f-1ubuntu2.17_amd64.deb

Note! If the above specified binaries are not available, then you can just check the current version that is available from here and use the correct URL for the available version to run the above commands.

Once you have installed the above openssl binaries, run the openssl version command again to confirm that you have the correct version installed.

You can now proceed to install libmsquic library as shown below:

sudo apt-get update
sudo apt-get install libmsquic -y

Now restart the DNS server so that it loads the newly installed libmsquic library. Once the DNS server is available, you can use the DNS-over-QUIC protocol with forwarder or conditional forwarder configuration, or with the DNS Client tab in the DNS server web console. If you wish to run your own DNS-over-QUIC service, you can enable it from the Settings > Optional Protocols section similar to how you would enable the other encrypted DNS protocols.

If you have enabled HTTPS and configured a TLS certificate for the DNS web console, the web service will now automatically enable HTTP/3 support which will be available on UDP port 443.
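The checks described in the Linux steps above (the openssl version test, the libmsquic install, and the HTTP/3 listener on UDP port 443) can be scripted. The following is an added example, not part of the original post or of the Technitium project; the function names are hypothetical, the sample inputs are constructed, and it assumes the linker cache lists the OpenSSL 1.1.1 library as libssl.so.1.1, which is the file name the libssl1.1 package ships.

```shell
#!/bin/sh
# Added example (not from the original post): preflight checks for the Linux steps.
# On a real host, feed the functions live output instead of the samples:
#   openssl_compat "$(openssl version)"; lib_registered "$(ldconfig -p)" libmsquic.so
#   udp_listening "$(ss -H -uln)" 443

# Classify one line of `openssl version` output against the post's requirement:
# 1.1.1 works with libmsquic, 3.x does not.
openssl_compat() {
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    case "$ver" in
        1.1.1*) echo compatible ;;
        3.*)    echo incompatible ;;
        "")     echo unparsed ;;   # not an OpenSSL version line at all
        *)      echo unknown ;;    # a release the post does not mention
    esac
}

# Is a shared library listed in the dynamic linker cache?
# $1: output of `ldconfig -p`, $2: library name such as libmsquic.so
lib_registered() {
    if printf '%s\n' "$1" | grep -qF "$2"; then echo yes; else echo no; fi
}

# Is anything bound to a UDP port? $1: output of `ss -H -uln`, $2: port number
udp_listening() {
    printf '%s\n' "$1" | awk -v p="$2" '
        { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { print (found ? "yes" : "no") }'
}

# Constructed sample inputs, so the script runs without touching the host.
SAMPLE_OK='OpenSSL 1.1.1f  31 Mar 2020'
SAMPLE_V3='OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)'
SAMPLE_CACHE='  libssl.so.1.1 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libssl.so.1.1
  libmsquic.so.2 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libmsquic.so.2'
SAMPLE_SS='UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
UNCONN 0 0 [::]:443 [::]:*'

echo "openssl 1.1.1f    : $(openssl_compat "$SAMPLE_OK")"
echo "openssl 3.0.2     : $(openssl_compat "$SAMPLE_V3")"
echo "libssl.so.1.1     : $(lib_registered "$SAMPLE_CACHE" libssl.so.1.1)"
echo "libmsquic.so      : $(lib_registered "$SAMPLE_CACHE" libmsquic.so)"
echo "UDP 443 listening : $(udp_listening "$SAMPLE_SS" 443)"
```

`openssl version` reports the command-line binary, while libmsquic loads the shared library, so checking the linker cache for libssl.so.1.1 catches the case where the two differ.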

If you have any comments or queries, do let me know in the comments section below or send an email to

Saturday, February 18, 2023

Technitium DNS Server v11 Released!

I am happy to announce the release of Technitium DNS Server v11, a cross-platform, free, open source software that can be used by anyone, be it a novice or an expert user. It features an easy to use web based GUI and works with default config that allows the server to run out-of-the-box.

Download the latest update for Windows, Linux, macOS, or Raspberry Pi!


This is a major release that now runs on ASP.NET Core 7 Runtime as the DNS server now uses Kestrel web server for both its web console and also for DNS-over-HTTPS service. With this change, the DNS server now supports HTTP/2 and HTTP/3 for both DNS-over-HTTPS service and also for the DNS web console. It also now supports DNS-over-QUIC encrypted DNS protocol and many new features.

Read the change log to know full details about this latest update.

Any comment or feedback is really appreciated and helps a lot in adding new features and fixing bugs. Send your feedback or support requests to You can also post on /r/technitium on Reddit for community support. For any feature request or reporting bugs, create an issue on GitHub.

The DNS Server source code is available under GNU General Public Licence (GPL) v3 on GitHub.

Make a contribution to the project and help make new software, updates, and more features possible.