DNS-over-HTTP/3

Google announced support for DNS-over-HTTP/3
Please someone implement it in openwrt. And when you do, please make a GUI luci package too. :innocent:

1 Like

Great Link ... blockquoting some highlights

> In Android 9.0, we announced the Private DNS feature, which uses DNS-over-TLS (DoT) to protect DNS queries when enabled and supported by the server. Unfortunately, DoT incurs overhead for every DNS request. An alternative encrypted DNS protocol, DNS-over-HTTPS (DoH), is rapidly gaining traction within the industry as DoH has already been deployed by most public DNS operators, including the Cloudflare Resolver and Google Public DNS. While using HTTPS alone will not reduce the overhead significantly, HTTP/3 uses QUIC, a transport that efficiently multiplexes multiple streams over UDP using a single TLS session with session resumption. All of these features are crucial to efficient operation on mobile devices.
>
> DNS-over-HTTP/3 (DoH3) support was released as part of a Google Play system update, so by the time you're reading this, Android devices from Android 11 onwards[1] will use DoH3 instead of DoT for well-known[2] DNS servers which support it. Which DNS service you are using is unaffected by this change; only the transport will be upgraded. In the future, we aim to support DDR which will allow us to dynamically select the correct configuration for any server. This feature should decrease the performance impact of encrypted DNS.

1 Like

Is QUIC much more secure than TCP?

Oh great, more complexity piled upon complexity.

1 Like

You can read as well as I can :rofl: ... and that is not what I understood from the article and link.

I don't think @jow loves this very much.

Plus I enabled this on my Android phone, set to "automatic"; rebooted and had no DNS at all ..
Web pages quickly went up in smoke.

# The Internet just changed.

You better be aware of what just changed on the Internet. TCP is being replaced with QUIC. UDP is being used more and more instead of TCP. This affects your firewalls. It affects a lot of your network troubleshooting. HTTP/3 has been standardized. Everything is encrypted with QUIC - welcome to the new world of network troubleshooting and security.

Video link
https://www.youtube.com/watch?v=cdb7M37o9sU
// MENU //
00:00 - The Problem with TCP
00:12 - Introducing//Robin Marx
02:12 - Clean Ship, Clean House//RFCs
03:25 - HTTP Semantics//QUIC//HTTP/3
04:17 - Why the Hell Do We Need HTTP/3?
05:05 - Why QUIC?
08:35 - QUIC & TLS Integration
10:02 - Why Use UDP?
13:50 - Replacing TCP with QUIC
14:28 - Summary So Far 
15:22 - Stream Multiplexing
15:40 - Head-of-line blocking
18:40 - Why This Slows Things Down
19:29 - How QUIC Does It Differently
20:58 - TCP vs QUIC//Packet Handling
23:11 - HTTP/3 Prioritization
25:25 - Stats//QUIC Isn't Going Anywhere 
26:30 - Firewalls are almost useless
27:20 - Firewalls Blocking QUIC?
28:04 - QUIC & Other Protocols?
29:20 - IPv4 & IPv6//Different for QUIC?
29:54 - Challenges for QUIC's Growth
30:43 - Connection Migration
33:33 - What About Hackers? 
36:32 - How Do I Get To Use QUIC?
38:28 - Large Companies Adopting QUIC
39:09 - The Internet is Too Centralized?
40:02 - Header Compression
41:55 - Server Push
43:47 - Practical Examples with Wireshark
50:34 - Thank You & How to Contact Robin
2 Likes
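The video description above makes the troubleshooting point that once DNS (DoH3) and HTTP/3 ride on QUIC over UDP, a firewall or packet capture sees only the cleartext long-header fields and nothing else. The following is an added example, not code from this thread, from OpenWrt or from Google: it decodes the unencrypted part of a QUIC long header as laid out in RFC 9000 section 17.2 (header form and fixed bits, version, connection IDs) and then labels a flow by protocol, port and first bytes, which is roughly what a firewall has to work with. All sample datagrams, the `classify_flow` labels and the function names are constructed for this example.

```python
"""Added example: what a firewall can still see when DNS moves to QUIC.

Only the cleartext QUIC long-header fields are decoded; everything after the
connection IDs is encrypted or header-protected and therefore opaque.
"""
import struct

QUIC_V1 = 0x00000001
# Long packet types for QUIC version 1 (RFC 9000, table 5).
LONG_PACKET_TYPES_V1 = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}


def parse_quic_long_header(datagram: bytes):
    """Return the cleartext long-header fields, or None if this is not one.

    The heuristic is: header-form bit set, version present, connection ID
    lengths within the 20-byte limit, and (for non-Version-Negotiation
    packets) the fixed bit set. It is a plausibility check, not proof that
    the datagram is QUIC, so callers combine it with the UDP port.
    """
    if len(datagram) < 7:
        return None
    first = datagram[0]
    if not first & 0x80:                       # Header Form bit: 1 = long header
        return None
    version = struct.unpack("!I", datagram[1:5])[0]
    if version != 0 and not first & 0x40:      # Fixed Bit must be 1 (RFC 9000 17.2)
        return None
    pos = 5
    dcid_len = datagram[pos]
    pos += 1
    if dcid_len > 20 or pos + dcid_len >= len(datagram):
        return None
    dcid = datagram[pos:pos + dcid_len]
    pos += dcid_len
    scid_len = datagram[pos]
    pos += 1
    if scid_len > 20 or pos + scid_len > len(datagram):
        return None
    scid = datagram[pos:pos + scid_len]
    pos += scid_len
    if version == 0:
        ptype = "VersionNegotiation"
    elif version == QUIC_V1:
        # Bits 4-5 of the first byte carry the type; they are not header-protected.
        ptype = LONG_PACKET_TYPES_V1[(first >> 4) & 0x03]
    else:
        ptype = "UnknownVersion"
    return {
        "version": version,
        "type": ptype,
        "dcid": dcid.hex(),
        "scid": scid.hex(),
        "opaque_bytes": len(datagram) - pos,   # token, length, PN, payload: all protected
    }


def classify_flow(proto: str, dst_port: int, payload: bytes) -> str:
    """Label a flow the way a port-plus-first-bytes firewall rule could.

    Note that DoH (TCP/443) and DoH3 (UDP/443) are indistinguishable from
    ordinary web traffic by port alone; only Do53 and DoT have a port of their own.
    """
    if proto == "udp" and dst_port == 53:
        return "cleartext DNS (Do53)"
    if proto == "tcp" and dst_port == 853:
        return "DNS-over-TLS (DoT)"
    if proto == "udp" and dst_port == 443 and parse_quic_long_header(payload):
        return "QUIC (HTTP/3; could carry DoH3)"
    if proto == "tcp" and dst_port == 443 and payload[:1] == b"\x16":
        return "TLS over TCP (HTTPS; could carry DoH)"
    return "other"


# Constructed sample datagrams (not real captures).
SAMPLE_INITIAL = (
    bytes([0xC0])                 # long header, fixed bit, type 0 = Initial
    + b"\x00\x00\x00\x01"         # QUIC version 1
    + b"\x08" + bytes(range(1, 9))  # 8-byte destination connection ID
    + b"\x00"                     # empty source connection ID
    + b"\x00\x44\xd0" + bytes(20)  # token/length/protected bytes (opaque)
)
SAMPLE_VERSION_NEG = bytes([0xC0]) + b"\x00\x00\x00\x00" + b"\x00\x00" + b"\x00\x00\x00\x01"
SAMPLE_TLS_HELLO = b"\x16\x03\x01\x00\x05" + bytes(5)
SAMPLE_DNS_QUERY = (
    b"\xab\xcd\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    + b"\x07example\x03com\x00\x00\x01\x00\x01"
)

if __name__ == "__main__":
    for proto, port, data in [("udp", 443, SAMPLE_INITIAL), ("udp", 443, SAMPLE_VERSION_NEG),
                              ("tcp", 443, SAMPLE_TLS_HELLO), ("udp", 53, SAMPLE_DNS_QUERY)]:
        print(proto, port, classify_flow(proto, port, data), parse_quic_long_header(data))
```

The `opaque_bytes` figure is the part that matters for the "firewalls are almost useless" segment of the talk: after the connection IDs there is nothing a middlebox can inspect, so a firewall that needs visibility is left with the crude option the video also discusses, refusing UDP/443 so that clients fall back to TCP.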

Sorry, but I missed that link. Can you put that up?

video link? I put the video link in Preformatted text

Whichever one you got that info from ....

Duhh, see it now... it's in plain sight, hidden in the preformatted text.

:confounded:

1 Like