Quad9 JSON-based DNS service retires 5 May, 2025
Quad9 is sunsetting our JSON-based DNS lookup service on TCP port 5053, and will retire the service on 5 May, 2025. We encourage any users of this system to migrate to DNS-over-HTTPS (DoH) on port 443 or DNS-over-TLS (DoT) on port 853, both of which use IETF standards for DNS delivery in a secure manner.
Background: Prior to the standardization of DNS-over-HTTPS, there were various experimental efforts geared towards providing DNS results via transport methods that were secured with TLS. One of these methods was delivery of DNS results via JSON over HTTPS. In 2017, Quad9 deployed a variant of this service prior to the standardization of DNS-over-HTTPS.
This JSON-based service has had diminishing query volume and uses a non-standard protocol, while services based on standard protocols are available and will continue to be supported – namely, the commonly used DoH and DoT encrypted DNS services. To reduce our risk profile and keep operational complexity lower, we have decided to remove support for this method after a six-month transition and sunset period.
The service will continue to work until 05 May 2025, but the platform will start handing back “302 Redirect” responses from more cities as we migrate the service to a smaller number of responding locations. This will mean slower responses, as the replies will ultimately be answered by centralized unicast responders rather than by our widely distributed anycast nodes; those unicast responders will then be taken offline on 05 May 2025. Software that does not support HTTP standards such as “302 Redirect” may encounter difficulty or outright failures immediately as we redirect individual locations on our anycast network to unicast responders. This process has already started, with some test cities responding with “302 Redirect”, and this redirection strategy will expand to our entire network over the coming weeks. Additionally, during this transition phase, only “GET” requests will be accurately fulfilled on modified locations.
We apologize if this causes an inconvenience. We are focusing our team and development energy on expanding the network and ensuring our primary services are performant and secure. If this is a required service for your infrastructure, we would suggest standing up a JSON DNS responder locally, as this may provide the interim or long-term solution necessary before conversion to DoH or DoT protocols.