diff --git "a/ansible/\\" "b/ansible/\\"
new file mode 100644
index 0000000..677a61d
--- /dev/null
+++ "b/ansible/\\"
@@ -0,0 +1,106 @@
+<!doctype html>
+<html>
+  <head>
+    <title>mydns</title>
+    <link rel="apple-touch-icon" sizes="180x180" href="/static/apple-touch-icon.png">
+    <link rel="icon" type="image/png" sizes="32x32" href="/static/favicon-32x32.png">
+    <link rel="icon" type="image/png" sizes="16x16" href="/static/favicon-16x16.png">
+    <link rel="manifest" href="/static/site.webmanifest">
+    <link rel="stylesheet" href="/static/normalize.css" type="text/css">
+    <link rel="stylesheet" href="/static/tacit.min.css" type="text/css">
+  </head>
+  <body>
+    <section>
+      <header>
+        <nav>
+          <h1>mydns.gay</h1>
+        </nav>
+      </header>
+      <article>
+        <p>
+          this is my anonymous dns server. you are free to use it, but just letting you know, this is mine, so it only really has features i care about.
+        </p>
+        <p>
+          the only thing i record are long-term metrics, for the health of the service.
+        </p>
+        <p>
+          it's meant to preserve my privacy (along with anyone who is using its).
+          in large, my goal is to avoid my dns data being sold to advertisers.
+        </p>
+      </article>
+      <article>
+        <h3>endpoints</h3>
+        <p>
+          <table>
+            <tbody>
+              <tr>
+                <th>type</th>
+                <th>endpoint</th>
+                <th>additional info</th>
+              </tr>
+              <tr>
+                <td>
+                  DoH/DoH3
+                </td>
+                <td>
+                  <code>https://mydns.gay/dns-query</code>
+                </td>
+                <td>
+                  via ip4/ ipv6.
+                </td>
+              </tr>
+              <tr>
+                <td>
+                  DNS / DoT (IPv4)
+                </td>
+                <td>
+                  <code>172.232.13.191</code>
+                </td>
+                <td>
+                  SNI for TLS is <code>mydns.gay</code>
+                </td>
+              </tr>
+            </tbody>
+              <tr>
+                <td>
+                  DNS / DoT (IPv6)
+                </td>
+                <td>
+                  <code> 2600:3c06::f03c:94ff:fe68:afad</code>
+                </td>
+                <td>
+                  SNI for TLS is <code>mydns.gay</code>
+                </td>
+              </tr>
+          </table>
+        </p>
+      </article>
+      <!--
+        <article>
+        <h3>information</h3>
+        </article>
+      -->
+      <article>
+        <h3>information</h3>
+        <p>
+          the server is in linode ORD datacenter. if i believe that linode one day is unfit to run this service, i will switch.
+        </p>
+        <p>
+          i'm really lazy, so the truth is, this is made from patching together a bunch of open source tools
+          <ul>
+            <li><a href="https://github.com/caddyserver/caddy">caddy (https routing, H3)</a></li>
+            <li><a href="https://github.com/PowerDNS/pdns">dnsdist (dns load balancer)</a></li>
+            <li><a href="https://github.com/semihalev/sdns">sdns (recursive resolver)</a></li>
+            <li><a href="https://github.com/ansible/ansible">ansible (setup & config management)</a></li>
+            <li><a href="https://debian.org">debian (host)</a></li>
+            <li><a href="https://github.com/VictoriaMetrics/VictoriaMetrics">victoriametrics (metrics)</a></li>
+            <li><a href="https://github.com/prometheus/prometheus">prometheus (metrics)</a></li>
+            <li><a href="https://github.com/grafana/grafana">grafana (metrics)</a></li>
+          </ul>
+        </p>
+
+      </article>
+    </section>
+
+  </body>
+</html>
diff --git a/ansible/assets/index.html b/ansible/assets/index.html
index a3ab0f1..0445eb8 100644
--- a/ansible/assets/index.html
+++ b/ansible/assets/index.html
@@ -20,21 +20,13 @@
         <p>
           this is my anonymous dns server. you are free to use it, but just letting you know, this is mine, so it only really has features i care about.
         </p>
+        <p>
+          the only thing i record are long-term metrics, for the health of the service.
+        </p>
         <p>
           it's meant to preserve my privacy (along with anyone who is using its).
           in large, my goal is to avoid my dns data being sold to advertisers.
         </p>
-        <p>
-          the only thing i record are long-term metrics, for the health of the service.
-
-          the server is in linode ORD datacenter. if i believe that linode one day is unfit to run this service, i will switch.
-        </p>
-        <p>
-          software used:  <ul>
-            <li><a href="https://github.com/ansible/ansible">ansible</a></li>
-            <li><a href="https://github.com/PowerDNS/pdns">dnsdist</a></li>
-          </ul>
-        </p>
       </article>
       <article>
         <h3>endpoints</h3>
@@ -54,42 +46,48 @@
                   <code>https://mydns.gay/dns-query</code>
                 </td>
                 <td>
-                  via ip4, ipv6. TLS powered by  <a href="https://github.com/caddyserver/caddy">caddy</a>
+                  via ip4/ipv6.
                 </td>
               </tr>
               <tr>
                 <td>
-                  DNS
+                  DNS (IPv4)
                 </td>
                 <td>
-                  <code>172.232.13.191</code> / <code>mydns.gay</code>
+                  <code>172.232.13.191</code>
                 </td>
                 <td>
-                  port 53
                 </td>
               </tr>
               <tr>
                 <td>
-                  DNS (ipv6)
+                  DNS (IPv6)
                 </td>
                 <td>
-                  <code>
-                    2600:3c06::f03c:94ff:fe68:afad
-                  </code> / <code>mydns.gay</code>
+                  <code>[2600:3c06::f03c:94ff:fe68:afad]</code>
                 </td>
                 <td>
-                  port 53
                 </td>
               </tr>
+              <td>
+                DNS over TLS/DoQ (IPv4)
+              </td>
+              <td>
+                <code>172.232.13.191:853</code>
+              </td>
+              <td>
+                SNI for TLS is <code>mydns.gay</code>
+              </td>
+              </tr>
               <tr>
                 <td>
-                  DoT
+                  DNS over TLS/DoQ (IPv6)
                 </td>
                 <td>
-                  <code>172.232.13.191:853</code> / <code>mydns.gay:853</code>
+                  <code>[2600:3c06::f03c:94ff:fe68:afad]:853</code>
                 </td>
                 <td>
-                  Dns over TLS
+                  SNI for TLS is <code>mydns.gay</code>
                 </td>
               </tr>
             </tbody>
@@ -101,6 +99,27 @@
         <h3>information</h3>
         </article>
       -->
+      <article>
+        <h3>information</h3>
+        <p>
+          the server is in linode ORD datacenter. if i believe that linode one day is unfit to run this service, i will switch.
+        </p>
+        <p>
+          i'm really lazy, so the truth is, this is made from patching together a bunch of open source tools
+          <ul>
+            <li><a href="https://github.com/caddyserver/caddy">caddy (https routing, H3)</a></li>
+            <li><a href="https://github.com/PowerDNS/pdns">dnsdist (dns load balancer)</a></li>
+            <li><a href="https://github.com/semihalev/sdns">sdns (recursive resolver)</a></li>
+            <li><a href="https://github.com/ansible/ansible">ansible (setup & config management)</a></li>
+            <li><a href="https://debian.org">debian (host)</a></li>
+            <li><a href="https://github.com/VictoriaMetrics/VictoriaMetrics">victoriametrics (metrics)</a></li>
+            <li><a href="https://github.com/prometheus/prometheus">prometheus (metrics)</a></li>
+            <li><a href="https://github.com/grafana/grafana">grafana (metrics)</a></li>
+          </ul>
+        </p>
+
+      </article>
     </section>
+
   </body>
 </html>
diff --git a/ansible/files/dnsdist.conf b/ansible/files/dnsdist.conf
index 14df085..29cbfed 100644
--- a/ansible/files/dnsdist.conf
+++ b/ansible/files/dnsdist.conf
@@ -22,9 +22,15 @@ addAction(MaxQPSIPRule(5, 32, 48, 20), DelayAction(100))
 webserver("127.0.0.1:6060")
 setWebserverConfig({ statsRequireAuthentication=false })
 setLocal("0.0.0.0:53")
+
+-- proxied by caddy
 addDOHLocal("127.0.0.1:8053", nil, nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
+
 addTLSLocal('0.0.0.0:853', tls_cert_crt, tls_cert_key)
 addTLSLocal('[::]:853', tls_cert_crt, tls_cert_key)
 
+addDOQLocal('0.0.0.0:853', tls_cert_crt, tls_cert_key)
+addDOQLocal('[::]:853', tls_cert_crt, tls_cert_key)
+
 addACL('0.0.0.0/0')
 addACL('::/0')