Updated: 25 Mar 2023
Technitium DNS Server is a cross-platform, free, open source software that is easy to deploy and use yet pack powerful features. Starting with the version 11.0 release, the DNS server now supports DNS-over-QUIC encrypted DNS protocol in addition to existing DNS-over-TLS and DNS-over-HTTPS encrypted DNS protocols. With this update, you will be able to use DNS-over-QUIC protocol with a forwarder or connditional forwarder, or host your own DNS-over-QUIC service.
The DNS server has also added support for HTTP/3 for both its web console and DNS-over-HTTPS service. Since HTTP/3 also uses QUIC tranport protocol, the requirements and configuration mentioned in this post also applies to it.
Let's see how to configure the DNS server to use the new QUIC transport protocol.
The DNS-over-QUIC protocol uses a very new QUIC transport protocol which is not yet available on all platforms. Currently it is available only on Windows and Linux platforms. The .NET Runtime relies on the msquic library which is an implementation of QUIC protocol by Microsoft.
The support for QUIC on Windows is only available on following Windows versions:
- Windows 11 (build 22000 or later)
- Windows Server 2022
The above supported Windows version have msquic already installed and thus there is no additional installation needed. There is no option yet to use the QUIC protocol on Windows 10 or older versions. However, it is possible to use it on Windows 10 by using docker container deployments.
On Linux, you need to install libmsquic to enable QUIC protocol support. You can install it using Microsoft Software Repository for Linux. You can follow the instructions given in the link to add the software repository on your distro as shown in examples below:
curl -sSL https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc sudo apt-add-repository https://packages.microsoft.com/ubuntu/22.04/prod sudo apt-get update
Raspberry Pi OS
curl -sSL https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - sudo apt-add-repository https://packages.microsoft.com/debian/11/prod sudo apt-get update
Once you have the Microsoft Software Repository installed on your distro, you can proceed to install libmsquic. But libmsquic library requires openssl v1.1.1 to be installed and is currently not compatible with openssl v3.x release that is by default installed on some new distros like Ubuntu 22.04. You can check which openssl version you have installed by running the following command:
$ openssl version OpenSSL 1.1.1f 31 Mar 2020
If you see the output something like shown above then you are all set. Raspberry Pi OS has the version 1.1.1 installed so you do now have to worry about it. If you see version 3.x installed, you will need to install the version 1.1.1 for libmsquic to work.To install openssl v1.1.1 on Ubuntu 22.04, follow the steps given below to install the pre-built binaries that are made available by Ubuntu:
wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.1.1f-1ubuntu2.17_amd64.deb wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_1.1.1f-1ubuntu2.17_amd64.deb wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2.17_amd64.deb sudo dpkg -i libssl-dev_1.1.1f-1ubuntu2.17_amd64.deb sudo dpkg -i openssl_1.1.1f-1ubuntu2.17_amd64.debNote! If the above specified binaries are not available, then you can just check the current version that is available from here and use the correct URL for the available version to run the above commands.
Once you have installed the above openssl binaries, run the openssl version command again to confirm that you have the correct version installed.
You can now proceed to install libmsquic library as shown below:
sudo apt-get update sudo apt-get install libmsquic -y
Now restart the DNS server so that it loads the newly installed libmsquic library. Once the DNS server is available, you can use the DNS-over-QUIC protocol with forwarder or conditional forwarder configuration, or with the DNS Client tab in the DNS server web console. If you wish to run your own DNS-over-QUIC service, you can enable it from the Settings > Optional Protocols section similar to how you would enable the other encrypted DNS protocols.
If you have enabled HTTPS and configured a TLS certificate for the DNS web console, the web service will now automatically enable HTTP/3 support which will be available on UDP port 443.
If you have any comments or queries, do let me know in the comments section below or send an email to firstname.lastname@example.org.