One to Rule them All? A First Look at DNS over QUIC

02/07/2022
by Mike Kosek, et al.

The DNS is one of the most crucial parts of the Internet. Since the original DNS specifications defined UDP and TCP as the underlying transport protocols, DNS queries are inherently unencrypted, making them vulnerable to eavesdropping and on-path manipulation. Consequently, concerns about DNS privacy have gained attention in recent years, which resulted in the introduction of the encrypted protocols DNS over TLS (DoT) and DNS over HTTPS (DoH). Although these protocols address the key issue of adding privacy to the DNS, they are inherently constrained by their underlying transport protocols, which struggle with, e.g., IP fragmentation or multi-RTT handshakes - challenges which are addressed by QUIC. As such, the recent addition of DNS over QUIC (DoQ) promises to improve upon the established DNS protocols. However, no studies focusing on DoQ, its adoption, or its response times exist to date - a gap we close with our study. Our active measurements show a slowly but steadily increasing adoption of DoQ and reveal a high week-over-week fluctuation, which reflects the ongoing development process: as DoQ is still in standardization, implementations and services undergo rapid changes. Analyzing the response times of DoQ, we find that roughly 40 handshake times than expected, which traces back to the enforcement of the traffic amplification limit despite successful validation of the client's address. However, DoQ already outperforms DoT as well as DoH, which makes it the best choice for encrypted DNS to date.
