diff --git a/transport/internet/tls/ech.go b/transport/internet/tls/ech.go
index 9471384d..a7985899 100644
--- a/transport/internet/tls/ech.go
+++ b/transport/internet/tls/ech.go
@@ -5,6 +5,7 @@ package tls
 
 import (
 	"bytes"
+	"context"
 	"crypto/tls"
 	"encoding/base64"
 	"io"
@@ -15,6 +16,8 @@ import (
 
 	"github.com/miekg/dns"
 	"github.com/xtls/xray-core/common/errors"
+	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/transport/internet"
 )
 
 func ApplyECH(c *Config, config *tls.Config) error {
@@ -58,6 +61,7 @@ func QueryRecord(domain string, server string) (string, error) {
 	}
 	mutex.Lock()
 	defer mutex.Unlock()
+	errors.LogDebug(context.Background(), "Tring to query ECH config for domain: ", domain, " with ECH server: ", server)
 	record, ttl, err := dohQuery(server, domain)
 	if err != nil {
 		return "", err
@@ -79,8 +83,24 @@ func dohQuery(server string, domain string) (string, uint32, error) {
 	if err != nil {
 		return "", 0, err
 	}
+	tr := &http.Transport{
+		IdleConnTimeout:   90 * time.Second,
+		ForceAttemptHTTP2: true,
+		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+			dest, err := net.ParseDestination(network + ":" + addr)
+			if err != nil {
+				return nil, err
+			}
+			conn, err := internet.DialSystem(ctx, dest, nil)
+			if err != nil {
+				return nil, err
+			}
+			return conn, nil
+		},
+	}
 	client := &http.Client{
-		Timeout: 5 * time.Second,
+		Timeout:   5 * time.Second,
+		Transport: tr,
 	}
 	req, err := http.NewRequest("POST", server, bytes.NewReader(msg))
 	if err != nil {
@@ -108,6 +128,7 @@ func dohQuery(server string, domain string) (string, uint32, error) {
 		re := regexp.MustCompile(`ech="([^"]+)"`)
 		match := re.FindStringSubmatch(respMsg.Answer[0].String())
 		if match[1] != "" {
+			errors.LogDebug(context.Background(), "Get ECH config:", match[1], " TTL:", respMsg.Answer[0].Header().Ttl)
 			return match[1], respMsg.Answer[0].Header().Ttl, nil
 		}
 	}