iJorgen
Regular Contributor
I'm curious if anyone has set up DoH3 or DoQ successfully on an ASUS Merlin router for DNS queries? So far I haven't seen any solution/add-on to do it at router level. Any thoughts/plans on adding it natively in the future, like DoT is today, or as an add-on in AMTM?
I read that some use the AdGuard app to get DoH3/DoQ on their devices, but it would be so much better to have it at router level for the whole network. It's quite a hot topic right now since Google recently released native support for DNS-over-HTTP/3 in Android.
Some advantages picked from the article...
- As DoT operates on a single stream of requests and responses, many server implementations suffer from head-of-line blocking. This means that if the request at the front of the line takes a while to resolve (possibly because a recursive resolution is necessary), responses for subsequent requests that would have otherwise been resolved quickly are blocked waiting on that first request. DoH3 by comparison runs each request over a separate logical stream, which means implementations will resolve requests out-of-order by default.
- Mobile devices change networks frequently as the user moves around. With DoT, these events require a full renegotiation of the connection. By contrast, the QUIC transport HTTP/3 is based on can resume a suspended connection in a single RTT.
- DoT intends for many queries to use the same connection to amortize the cost of TCP and TLS handshakes at the start. Unfortunately, in practice several factors (such as network disconnects or server TCP connection management) make these connections less long-lived than we might like. Once a connection is closed, establishing the connection again requires at least 1 RTT.
In unreliable networks, DoH3 may even outperform traditional DNS. While unintuitive, this is because the flow control mechanisms in QUIC can alert either party that packets weren't received. In traditional DNS, the timeout for a query needs to be based on expected time for the entire query, not just for the resolver to receive the packet.
PS. I know everyone has their strict opinion on DNS, but I hope we can have a friendly and open-minded discussion, since it's a really good evolution for encrypted DNS with advantages compared to DoT. It would be a milestone, like when DoT was implemented.
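The head-of-line blocking point from the first quoted bullet, as an added illustration that is not part of the original post, of Asuswrt-Merlin or of Google's article: a small Python model that compares a DoT-style server answering a single ordered stream sequentially (it reads the next request only after writing the previous answer) with DoH3/DoQ-style independent streams where every answer leaves as soon as it is ready. The query names, send times and resolution times are constructed sample values, not measurements, and the sequential-server behaviour is a simplified model of the implementations the article describes.

```python
"""Model of head-of-line blocking on one ordered DNS stream (DoT-style)
versus independent per-query streams (DoH3/DoQ-style).

Illustration added for this thread; not code from the forum post, from
Asuswrt-Merlin or from Google's article. All timings are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    name: str
    sent_at: float     # ms after connection open when the client sends it
    resolve_ms: float  # ms the resolver needs to produce the answer


# Constructed workload: one slow recursive lookup at the front of the line,
# followed by three queries that are cache hits and could be answered at once.
SAMPLE_QUERIES = [
    Query("slow.example", sent_at=0.0, resolve_ms=300.0),
    Query("cached-a.example", sent_at=1.0, resolve_ms=2.0),
    Query("cached-b.example", sent_at=2.0, resolve_ms=2.0),
    Query("cached-c.example", sent_at=3.0, resolve_ms=2.0),
]


def sequential_server_latencies(queries):
    """Single ordered stream: the server starts the next request only after
    the previous answer has been written, so a slow query in front delays
    every answer behind it. Returns {name: client-observed latency in ms}."""
    latencies = {}
    previous_done = 0.0
    for q in sorted(queries, key=lambda q: q.sent_at):
        start = max(q.sent_at, previous_done)  # waits for the head of the line
        done = start + q.resolve_ms
        latencies[q.name] = done - q.sent_at
        previous_done = done
    return latencies


def independent_stream_latencies(queries):
    """One logical stream per query: each answer is returned as soon as the
    resolver has it, so latency is just that query's own resolution time."""
    return {q.name: q.resolve_ms for q in queries}


def worst_and_mean(latencies):
    """Summarise a latency map as (worst-case ms, mean ms)."""
    vals = list(latencies.values())
    return max(vals), sum(vals) / len(vals)


if __name__ == "__main__":
    for label, fn in (("ordered stream (DoT-style)", sequential_server_latencies),
                      ("independent streams (DoH3/DoQ-style)", independent_stream_latencies)):
        lat = fn(SAMPLE_QUERIES)
        worst, mean = worst_and_mean(lat)
        print(f"{label}: worst {worst:.1f} ms, mean {mean:.1f} ms")
        for name, ms in lat.items():
            print(f"  {name:<20} {ms:6.1f} ms")
```

With the constructed workload the three cache hits take about 300 ms each behind the slow query on the ordered stream, versus 2 ms each on independent streams; the slow query itself costs the same either way, which is the point of the bullet: per-stream multiplexing does not make slow lookups faster, it stops them from holding up fast ones.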