Automatic discovery (DDR, RFC 9462) now designates dnsdoh.art directly for DNS over HTTPS, DNS over TLS and DNS over QUIC. The temporary discovery name has been retired.
What changed. The certificate served on every transport now carries both the site names and the resolver address 194.180.189.33. Strict clients such as Windows 11 verify the designation against that pair and fill in https://dnsdoh.art/dns-query, the same address shown everywhere on this site. DNS over TLS and DNS over QUIC are now verified designations as well, not just DoH.
The certificate is short-lived with fully automated renewal and monitoring, and its key is pinned with DANE TLSA records in the DNSSEC-signed zone, unchanged on renewal.
The DDR discovery answer now points at dnsdoh.art for DoH, DoT and DoQ. One name, one certificate carrying the resolver IP, verified on every transport.