Hi there, I am seeing DNS over TLS traffic to one.one.one.one, and the JA3 hash belongs to haproxy on iOS in the duckduckgo library. When I block this in the firewall I see the iOS device resolving the mail server name used by DC for IMAP via regular DNS:
This sounds like DC is using a duckduckgo(?) library to do DNS over TLS to CLoudflare.
Can someone confirm this or shed light on how DC actually resolved domain names?