Tech News
← Back to articles

Quad9 DOH HTTP/1.1 Retirement, December 15, 2025

2025-12-03 | original
read original related products more articles

October 9, 2025 blog

DOH HTTP/1.1 Retirement December 15, 2025

Summary

Quad9 will be discontinuing support within DNS-over-HTTPS (DOH) using HTTP/1.1 on December 15, 2025. This should have no impact on most users, but there are some older or non-compliant devices or software which may be unsupported after that time with DOH and which will have to revert to unencrypted DNS or shift to DNS-over-TLS.

Background

Quad9 was the first large-scale recursive resolver to offer standards-based encryption (DNS-over-TLS in 2017). We also provide DNS-over-HTTPS (DOH) as an encryption method, which has been slowly increasing as a percentage of our traffic since standardization and our inclusion of that protocol in 2018. Browsers have been the primary devices operating with DOH, which has some benefits: browsers are updated frequently and are typically kept up to date with newer standards.

The DOH standard recommends HTTP/2 as the lowest version of the protocol for use for DOH (https://datatracker.ietf.org/doc/html/rfc8484#section-5.2) but does not rule out using the older HTTP/1.1 standard. We have supported both HTTP/1.1 and HTTP/2 since our inclusion of DOH in our protocol stack seven years ago. However, we are reaching the end of life for the libraries and code that support HTTP/1.1 in our production environment and, therefore, will be sunsetting support for DOH over HTTP/1.1 on December 15, 2025.

Are you affected?

This sunsetting of HTTP/1.1 should not be noticed by the vast majority of our user community who are using Chrome (or any Chromium-based browser or stack), Firefox or Firefox forked projects, Safari (and to our knowledge all other Apple products/apps), or Android and iOS operating systems. They are all fully compliant with our existing and future DOH implementations and, to our knowledge, have always been compliant.

If your platform does not work without the older HTTP/1.1 protocol, then we would suggest you upgrade your system or shift to DNS-over-TLS which does not have an HTTP layer. There is always the possibility of moving to unencrypted DNS, but that decision should be closely considered as a downgrade of security and needs to be made carefully if you are in a network environment of higher risk.

... continue reading

Related:
Gear News of the Week: Google Drops Another Android Update, and the Sony A7 V Is Here
Apple @ Work: Apple brings built-in recovery intelligence to macOS 26
Whisker's Litter-Robot Just Became the First Automatic Litter Box Eligible for HSA and FSA Spending
Pixel owners: You can now use your phone as a Switch 2 webcam
The Debug Adapter Protocol is a REPL protocol in disguise

© 2025 GoKawiil