1. Features
DNS traffic can be encrypted, so the websites you visit are no longer visible to anyone watching your traffic.
AdGuard DNS-over-QUIC https://adguard-dns.io/en/blog/dns-over-quic.html
- Connection establishment is faster than with HTTP/2 (over TCP+TLS); 0-RTT is achieved.
QUIC
- A faster transport protocol that replaces TCP+TLS
- Provides congestion control, loss recovery, stream control, flow control, etc.
- Uses TLS 1.3 as the cryptographic layer
https://adguard-dns.io/ja/blog/dns-over-quic-official-standard.html
- DNS-over-QUIC: standardization moves forward
22 June 2022
List of QUIC DNS-over-QUIC servers https://cln.io/blog/list-of-quic-dns-servers/
DNS Over QUIC vs HTTPS https://www.reddit.com/r/Adguard/comments/zelzdx/dns_over_quic_vs_https/?rdt=57259
Quic.cloud https://www.quic.cloud/docs/cdn/dns/setting-up-your-dns-with-quic-cloud/
DNS over QUIC and DNS over HTTP3 for transparent and local-in DNS modes https://docs.fortinet.com/document/fortigate/7.4.0/new-features/8405/dns-over-quic-and-dns-over-https3-for-transparent-and-local-in-dns-modes-7-4-1
A first look at DNS over QUIC By Mike Kosek on 29 Mar 2022
https://blog.apnic.net/2022/03/29/a-first-look-at-dns-over-quic/
2. RFC
RFC 9250: dedicated UDP port 853 (Section 8)
DNS over Dedicated QUIC Connections https://datatracker.ietf.org/doc/rfc9250/
Abstract
This document describes the use of QUIC to provide transport confidentiality for DNS. The encryption provided by QUIC has similar properties to those provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet-loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC 7858, and latency characteristics similar to classic DNS over UDP. This specification describes the use of DoQ as a general-purpose transport for DNS and includes the use of DoQ for stub to recursive, recursive to authoritative, and zone transfer scenarios.
The goals of the DoQ mapping are:
- Provide the same DNS privacy protection as DoT [RFC7858]. This includes an option for the client to authenticate the server by means of an authentication domain name as specified in "Usage Profiles for DNS over TLS and DNS over DTLS" [RFC8310].
- Provide an improved level of source address validation for DNS servers compared to classic DNS over UDP.
- Provide a transport that does not impose path MTU limitations on the size of DNS responses it can send.
4.1.1. Port Selection
- By default, a DNS server that supports DoQ MUST listen for and accept QUIC connections on the dedicated UDP port 853 (Section 8), unless there is a mutual agreement to use another port. By default, a DNS client desiring to use DoQ with a particular server MUST establish a QUIC connection to UDP port 853 on the server, unless there is a mutual agreement to use another port.
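The port rule above says where a DoQ client connects, but not what it puts on the QUIC stream. The following is an added example (not code from the RFC, AdGuard or any project named on this page) showing the message framing that RFC 9250 section 4.2 specifies on top of plain RFC 1035 wire format: every DNS message on a DoQ stream is prefixed with a 2-octet length, and the DNS Message ID is set to 0 because QUIC streams, not the ID, match responses to queries. The response bytes are constructed inline (a single A record pointing at the documentation address 192.0.2.1) so the example runs offline; no QUIC connection is made, and the constant DOQ_PORT only records the port quoted above.

```python
import struct

# Dedicated UDP port for DoQ (RFC 9250 section 8, quoted above).
DOQ_PORT = 853


def encode_name(name: str) -> bytes:
    """Encode a domain name as RFC 1035 labels: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Build a DNS query suitable for DoQ.

    RFC 9250 section 4.2.1: the DNS Message ID MUST be 0 when sending
    queries over a QUIC connection (each query lives on its own stream).
    Flags 0x0100 set RD (recursion desired); QDCOUNT is 1.
    """
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def frame_doq(message: bytes) -> bytes:
    """Prefix a DNS message with the 2-octet length RFC 9250 section 4.2 requires."""
    if len(message) > 0xFFFF:
        raise ValueError("DNS message too large for a 16-bit length prefix")
    return struct.pack("!H", len(message)) + message


def unframe_doq(buf: bytes) -> tuple[list[bytes], bytes]:
    """Split stream bytes into complete DNS messages.

    Returns (messages, leftover): a partial trailing message is kept as
    leftover so the caller can append the next stream read to it.
    """
    msgs = []
    while len(buf) >= 2:
        (n,) = struct.unpack("!H", buf[:2])
        if len(buf) < 2 + n:
            break
        msgs.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return msgs, buf


def check_doq_query(message: bytes) -> bool:
    """Server-side check: a DoQ query must carry Message ID 0 and a full header."""
    if len(message) < 12:
        return False
    (msg_id,) = struct.unpack("!H", message[:2])
    return msg_id == 0


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a name, handling RFC 1035 compression pointers."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # 2-byte pointer ends the name
            return off + 2
        if n == 0:             # root label ends the name
            return off + 1
        off += 1 + n


def parse_a_records(msg: bytes) -> list[str]:
    """Extract IPv4 addresses from the answer section of a DNS response."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                       # skip question entries
        off = skip_name(msg, off) + 4         # + QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs


def constructed_response() -> bytes:
    """Constructed (not captured) DoQ stream payload for testing the parser.

    One framed response for example.com -> 192.0.2.1 (ID 0, QR+RD+RA flags),
    followed by 2 bytes of a second, still incomplete message so that
    unframe_doq's leftover handling is exercised.
    """
    question = encode_name("example.com") + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    resp = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0) + question + answer
    return frame_doq(resp) + b"\x00\x10"


if __name__ == "__main__":
    wire = frame_doq(build_query("example.com"))
    print(f"would send {len(wire)} bytes on a QUIC stream to UDP/{DOQ_PORT}")
    msgs, rest = unframe_doq(constructed_response())
    print(parse_a_records(msgs[0]), "leftover bytes:", len(rest))
```

A real client would hand the output of frame_doq to a QUIC library and read the stream back through unframe_doq; the length prefix is what lets a receiver delimit messages when a stream read returns a partial message or several messages at once. On the server side, check_doq_query is the kind of validation that lets a resolver reject a query that ignores the Message ID rule rather than silently mixing DoQ and classic-UDP semantics.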