Does DC use DoT for resolving mail server names?

Hi there, I am seeing DNS over TLS traffic to, and the JA3 hash belongs to haproxy on iOS in the duckduckgo library. When I block this in the firewall I see the iOS device resolving the mail server name used by DC for IMAP via regular DNS:

This sounds like DC is using a duckduckgo(?) library to do DNS over TLS to CLoudflare.

Can someone confirm this or shed light on how DC actually resolved domain names?

1 Like