Skip to content

Since sing-box 1.12.0

DNS over HTTPS (DoH)

Structure

{
  "dns": {
    "servers": [
      {
        "type": "https",
        "tag": "",

        "server": "",
        "server_port": 443,

        "path": "",
        "headers": {},

        "tls": {},

        // Dial Fields
      }
    ]
  }
}

Difference from legacy HTTPS server

  • The old server uses default outbound by default unless detour is specified; the new one uses dialer just like outbound, which is equivalent to using an empty direct outbound by default.
  • The old server uses address_resolver and address_strategy to resolve the domain name in the server; the new one uses domain_resolver and domain_strategy in Dial Fields instead.

Fields

server

Required

The address of the DNS server.

If domain name is used, domain_resolver must also be set to resolve IP address.

server_port

The port of the DNS server.

853 will be used by default.

path

The path of the DNS server.

/dns-query will be used by default.

headers

Additional headers to be sent to the DNS server.

tls

TLS configuration, see TLS.

Dial Fields

See Dial Fields for details.