Menu
EN

DNS-over-QUIC is now officially a proposed standard

We're happy to announce that DNS-over-QUIC, a very promising protocol, has become a proposed standard. We believe that DNS-over-QUIC is better than other popular alternatives (DNS-over-HTTPS, DNS-over-TLS) and has a potential to completely replace old unencrypted DNS protocols. But first things first.

The history of DNS-over-QUIC

DNS-over-QUIC (abbreviated as DoQ) is a relatively new protocol for transmitting DNS queries: it was not until May 2022 that it became a standard. For comparison, DNS-over-TLS was standardized in 2016 and DNScrypt in 2011.

About a year and a half ago AdGuard DNS became the first public DNS resolver to support the new DoQ protocol. At that time, the DoQ standard was still in the draft stage: it was an experiment, not yet ready to be used everywhere.

And finally, in mid-May this year, the situation changed: DNS-over-QUIC was published as an RFC (Request for Comments, a document that describes online protocols, methods, programs, or research applicable to the Internet), was assigned the number 9250 and since then has to be treated as a proposed standard. This RFC has a long way to go before it becomes an Internet standard, but already now DNS-over-QUIC has been found to be stable enough and has received enough community reviews to be implemented around the world.

But first let's talk about what DNS-over-QUIC is and why it's better than other versions.

Why is DNS-over-QUIC worth it?

We've written earlier about what DNS-over QUIC is. If you're eager to dive into detail, you can read that article first. Shortly, DNS-over-QUIC is a DNS protocol that uses the QUIC transport layer protocol to transmit DNS requests.

TCP data packet transmission scheme
TCP data packet transmission scheme

QUIC data packet transmission scheme
QUIC data packet transmission scheme

Compared to another, extremely popular protocol TCP, QUIC is faster, more reliable, and offers more encryption options. And DNS-over-QUIC inherits all its advantages.

In short, here are the main advantages of DNS-over-QUIC:

  1. It encrypts DNS traffic. Nobody except you can see what websites you visit.
  2. QUIC is designed to solve the problem of "head-of-line-blocking", that is, it will work better in networks with a high packet loss rate (think mobile data in elevators or tunnels).
  3. The QUIC standard supports the so-called "Connection Migration". When you're leaving home and your phone switches from Wi-Fi to mobile network, the QUIC connection, unlike other connections, doesn't drop. Unfortunately, it hasn't been implemented yet, but we hope the situation changes soon.
  4. QUIC allows you to establish a network connection much faster. As with the "Connection Migration", it's especially useful when being on mobile. With DNS-over-QUIC implemented, the connection is established twice as fast as with DNS-over-TLS.

How has the standard changed compared to drafts?

DNS-over-QUIC can now be used not only for recursive DNS servers (such as AdGuard DNS), but also for authoritative ones. In the long term, this will make it possible to encrypt not only the traffic from the client (your computer or phone) to the recursive server, but also all DNS traffic in general. That is, unlike DNS-over-HTTPS, DoQ is a more comprehensive protocol that can fully cover the situations where the unencrypted protocol was previously used.

What has changed for AdGuard?

Many AdGuard products have been supporting DoQ for a while now, but we'd like to outline a few things:

  1. AdGuard DNS now fully supports the standard. "Draft" versions will continue to be supported as well.
  2. As for AdGuard Home, it has already adopted the new standard!
  3. All of our apps will also switch to the standard; the "experimental" mark will be finally removed from the interface. In future versions, we're planning to implement DoQ as the default protocol (instead of DNS-over-HTTPS which is our default choice at the moment).

Almost all of our DoQ related developments are publicly available. We maintain them and update them regularly. Here are some of them:

  • dnslookup is a basic utility to perform DNS requests. It supports all popular modern protocols: DoH, DoT, DNSCrypt, and, of course, DoQ.
  • With AdGuard Home, you can set up your own DoQ server. If you run AdGuard Home as a public server, you can set up encryption on it.
  • dnsproxy is a simple DNS proxy server with support for DoH, DoT, DoQ and DNSCrypt.
  • DnsLibs is a C++ library that we use in our AdGuard products. Feel free to use it to incorporate DoQ into your own app.
    We're also expecting to make the new AdGuard DNS code public in the near future.

We're really excited about the opportunities that the implementation of DNS-over-QUIC as a standard can bring: a faster connection, better encryption, a lesser packet loss rate, "Connection Migration", and much more. And we're looking forward to taking advantage of all of them! Meanwhile, you can read how to set up DoQ in AdGuard for iOS and AdGuard for Android or configure a public AdGuard DNS server that uses the QUIC protocol (you can find it in the "Our server addresses" section). Or create your very own private AdGuard DNS server, choose any protocol you want (like DoQ!) and be directly in charge of all your DNS requests!

By downloading the comments you agree the terms and policies
Bye, Internet Explorer, you won’t be missed: Once omnipresent browser king retires in exile
Microsoft has ended support for Internet Explorer for most users, a long-awaited step that marks the end of an era. Once the world's most popular browser, Internet Explorer has become the target of ridicule for its rigidity, which manifested itself with regards to ad blocking.
Private AdGuard DNS beta 4: dark theme, new localizations, and free Personal plan
Meet the new version of the private AdGuard DNS! It features a dark theme, new localizations, and exciting news for all paid AdGuard VPN users: they will get free access to the private AdGuard DNS!
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device