This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient packet loss recovery than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and latency characteristics similar to classic DNS over UDP.
Working Group Summary
There is consensus in the DPRIVE WG for publishing this specification. Additionally, valuable feedback was received from the QUIC WG as they were copied on the start of the WG Last Call.
This document has undergone review from both DNS experts (implementors and operators) and QUIC experts. The feedback from the QUIC WG was valuable in identifying areas of the specification in need of additional detail.
Section 7 of the document lists 4 implementations (including one from one author).
Brian Haberman is the document shepherd.
Éric Vyncke is the responsible Area Director.
This document had two IETF Last Call because to address a padding comment from the first LC, a reference to the experimental RFC 8467 was changed from informal to normative.
See also the IANA note below.
This document is making a request to associate UDP port 853 with DNS-over-QUIC, so UDP/853 will be shared with DNS-over-DTLS. There was a fair amount of discussion on the mailing list and inside the IESG, thanks to Martin Duke during this discussion. IANA port experts have agreed on re-using udp/853.
A new ALPN is requested: "doq".