Support for DoQ | DNS over QUIC

Hello,

DoQ is IMHO the upgrade of DoT and is not bloated compared to DoH & DoH3. https://tools.ietf.org/html/draft-huitema-quic-dnsoquic-07

Do you consider support this Internet Draft or would your rather wait for a RFC?

Thanks, HLFH

I believe our whole team agrees that the HTTP layer is more trouble than worth for DNS.

As for QUIC, I haven't thought through all details of that. Knot Resolver team certainly has no current plans to implement it. Perhaps for starters "we" should use some proxies to plain UDP or TCP and defer internal implementation(s) to later.

If I understand it correctly (there are many variables like TCP fast open, TLS session resumption, 0-RTT), QUIC will improve latency for the first reply on a given connection (by one RTT, whether TLS-resumed or not). That seems mainly advantageous towards authoritative servers, but those are not considered yet (in the RFC draft). Towards resolvers the connections tend to be longer and aggregate many queries, so there... perhaps for links with higher packet loss it will be better latency-wise due to head-of-line blocking.

QUIC is solving the head-of-line blocking issue. https://en.wikipedia.org/wiki/Head-of-line_blocking#In_HTTP

HTTP/3 is using the QUIC transport layer network protocol with UDP: https://en.wikipedia.org/wiki/HTTP/3 instead of TCP.

I like this post about QUIC: https://www.fastly.com/blog/why-fastly-loves-quic-http3

Based on QUIC implementations, and Knot Resolver using C programming language, I would suggest to use picoquic from Private Octopus Inc. that has contributed to the Internet Draft above: https://github.com/private-octopus/picoquic

I also recommend to check:

• https://github.com/h2o/quicly
• https://github.com/litespeedtech/lsquic
• https://github.com/p-quic/pquic

Well, main question is: Is there any other DNS software considering QUIC? It would be almost pointless to implement something which is not going to be supported elsewhere.

It is the case of Trust-DNS: https://github.com/bluejekyll/trust-dns/pull/1673

Yes. In the past year DoH seems to be stealing almost all attention/interest, despite having come later than DoT. I don't think it will be easy to propagate yet another protocol.

added feature label

The standard DNS over QUIC has been published: https://datatracker.ietf.org/doc/html/rfc9250

Furthermore, the DPrive Working Group has published an Internet Draft whose goal is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-02

Just to follow up some more, https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/ has been making progress and is approaching RFC status. I expect there will be more demand for authoritative resolvers to support it at some point once it is official.

Has this feature been added to the roadmap or is it expected to be supported soon? While exploring DNS Cache/Resolver/Forwarder options, I discovered that https://technitium.com/dns/ also supports DoQ, DoH/3, and XoQ. I hope there will be some updates regarding the progress of this feature.

It feels difficult to promise big things in advance. I'd say that DoQ support most likely will get into Knot Resolver in 2024 or 2025, for server side and forwarding at least.