DoQ
DNS over QUIC (DoQ) is a protocol that provides encrypted DNS resolution by leveraging QUIC's built-in security and performance features. It addresses limitations found in earlier encrypted DNS protocols while offering improved efficiency and connection management.
- Enhanced Security: DoQ encrypts DNS queries using QUIC's native TLS 1.3 encryption, protecting against eavesdropping and tampering.
- Improved Performance: QUIC's multiplexing capabilities allow multiple DNS queries over a single connection without head-of-line blocking.
- Reduced Latency: QUIC's 0-RTT resumption lets a client that has previously connected to a resolver send its query in the first packet of a new connection, cutting resolution time on reconnects.
- Better Connection Migration: QUIC supports seamless connection migration across network changes, maintaining DNS service continuity.
Comparison with Other Encrypted DNS Protocols
- DNS over HTTPS (DoH): While DoH uses HTTP/2 or HTTP/3, DoQ operates directly over QUIC with dedicated connections, potentially offering lower overhead and better performance.
- DNS over TLS (DoT): DoT relies on TCP, which suffers from head-of-line blocking. DoQ's use of QUIC eliminates this issue and provides faster connection establishment.
Technical Implementation
DoQ operates on UDP port 853 and uses dedicated QUIC connections for DNS traffic. The protocol is standardized in RFC 9250, which defines the specifications for DNS over Dedicated QUIC Connections. This standardization ensures interoperability between different implementations and promotes widespread adoption.
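As an added example (not code from the original notes), the DNS-layer framing that RFC 9250 puts on each QUIC stream: every DNS message is preceded by a 2-octet length field, and the DNS Message ID is set to 0 because the QUIC stream, not the ID, ties a response to its query. The port and ALPN constants come from RFC 9250; the query name is a constructed sample, and no QUIC connection is opened here.

```python
"""Build and parse DoQ (RFC 9250) stream payloads: length-prefixed DNS messages."""
import struct

DOQ_PORT = 853      # UDP port registered for DoQ in RFC 9250
DOQ_ALPN = b"doq"   # ALPN token negotiated in the QUIC TLS 1.3 handshake


def build_query(qname: str, qtype: int = 1) -> bytes:
    """Build a minimal DNS query (header + one question).
    RFC 9250 requires the Message ID to be 0 on DoQ; RD=1, QDCOUNT=1."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(p)]) + p.encode("ascii") for p in qname.rstrip(".").split(".")
    )
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS IN
    return header + question


def frame_doq(message: bytes) -> bytes:
    """Prefix a DNS message with the 2-octet length field used on a DoQ stream."""
    if len(message) > 0xFFFF:
        raise ValueError("DNS message too large for the 16-bit length prefix")
    return struct.pack("!H", len(message)) + message


def message_id_is_zero(message: bytes) -> bool:
    """A peer that sees a non-zero Message ID must treat it as a DoQ protocol error."""
    return len(message) >= 2 and message[:2] == b"\x00\x00"


def parse_doq_stream(data: bytes) -> tuple[list[bytes], bytes]:
    """Split received stream bytes into complete DNS messages.
    A stream may carry several responses (zone transfers), and QUIC delivers
    bytes without message boundaries, so an incomplete tail is returned as
    leftover to be re-fed once more stream data arrives."""
    messages: list[bytes] = []
    while len(data) >= 2:
        (length,) = struct.unpack("!H", data[:2])
        if len(data) < 2 + length:
            break  # partial message: wait for more bytes
        messages.append(data[2:2 + length])
        data = data[2 + length:]
    return messages, data


if __name__ == "__main__":
    q = frame_doq(build_query("example.com"))  # constructed sample query
    msgs, rest = parse_doq_stream(q + q + q[:3])
    print(len(msgs), "complete messages,", len(rest), "leftover bytes")
```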
Adoption and Future Outlook
As DoQ becomes an official standard, more DNS providers and client applications are beginning to support it. The protocol represents a significant step forward in DNS privacy and performance, combining the security benefits of encryption with QUIC's modern transport features.
RFC 9250: DNS over Dedicated QUIC Connections
This document describes the use of QUIC to provide transport confidentiality for DNS. The encryption provided by QUIC has similar properties to those provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet-loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC 7858, and latency characteristics similar to classic DNS over UDP. This specification describes the use of DoQ as a general-purpose transport for DNS and includes the use of DoQ for stub to recursive, recursive to authoritative, and zone transfer scenarios.
https://datatracker.ietf.org/doc/rfc9250/

DNS-over-QUIC is now an official standard
We are pleased to announce that the DNS-over-QUIC protocol has become a standard. We believe DNS-over-QUIC is superior to other popular protocols such as DNS-over-HTTPS and DNS-over-TLS, and that it has the potential to replace the old, unencrypted DNS protocol. DoQ (DNS-over-QUIC) is a new protocol for transmitting DNS queries. DNS-over-QUIC only became a standard in May 2022 (DNS-over-TLS became a standard in 2016, and DNScrypt in 2011).
https://adguard.com/ko/blog/dns-over-quic-official-standard.html

ripe84.ripe.net
https://ripe84.ripe.net/wp-content/uploads/presentations/105-RIPE84_DNS_WG_DNS-over-QUIC.pdf

Seonglae Cho