
DNS over QUIC

Open bjornfro opened this issue 2 years ago • 13 comments

Any plans for Cloudflare and cloudflared to support DNS over QUIC? I have "a feeling" that it would work better than DoH, especially on networks that are not "perfect" and have some packet loss, given the nature/overhead of TCP.

https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/

bjornfro avatar May 03 '22 06:05 bjornfro

For cloudflared, we recently announced that we support quic as a primary transport protocol. You can learn more about how we built it on our blog and a little more about our motivations as well.

That said, we do not support quic for dns-proxy mode. We'll look into this, but do not have immediate plans to support this. Thanks for raising this FR.

abelinkinbio avatar May 03 '22 16:05 abelinkinbio

Would you agree that it would/should in theory work better, especially on networks with questionable quality?

bjornfro avatar May 03 '22 17:05 bjornfro

Interesting. In theory we do imagine it would be more reliable, but to be fair we haven't explored this concept enough to know for certain. We'll look into this further and keep this thread updated with our findings.

abelinkinbio avatar May 06 '22 17:05 abelinkinbio

Any updates?

Unknown78 avatar Aug 04 '22 01:08 Unknown78

Thank you for the additional upvote on this FR. Are you currently running cloudflared in dns-proxy mode over DoH as well? We don't have any updates to share at this time. This is not on the immediate roadmap, but we will keep this thread updated if and when that changes.

abelinkinbio avatar Aug 04 '22 01:08 abelinkinbio

I was using DNSCrypt's dns-proxy for DoH on my Windows machine. But then Windows 11 came and was able to apply it machine-wide.

The new version of DNSCrypt's dns-proxy, 2.1.2, supports DNS-over-HTTP/3, which is QUIC-based. But the problem is that I could only find two public resolvers that support it, with very high latency: doh-crypto-sx and jp.tiarap.org.

Meanwhile, there's currently only 1 public resolver, with its own proxy app, that supports DNS-over-QUIC directly without HTTP/3: that is AdguardTeam's dnsproxy.

Nowadays, I run it with this command:

dnsproxy.exe -u quic://94.140.14.140 -u quic://94.140.14.141 --all-servers --edns --dns64

It must be a direct IP to skip bootstrapping. Load balancing with its secondary server is also a bonus.


At least I hope that Cloudflare's public resolvers, 1.1.1.1 and 1.0.0.1, will support DNS-over-HTTP/3, if not DNS-over-QUIC directly. And I also hope Windows will support it in the future.

Unknown78 avatar Aug 06 '22 04:08 Unknown78

any news?

bmeirellesRJ avatar Sep 25 '22 22:09 bmeirellesRJ

DNS over QUIC (DoQ) is already a proposed standard and I expect it to be supported.

RFC 9250 - DNS over Dedicated QUIC Connections

cherinyy avatar Dec 06 '22 11:12 cherinyy

Bump, I use https://github.com/folbricht/routedns and currently use AdGuard's DoQ servers. It would be nice to see it more widely supported though. And I'm a Cloudflare customer.

mattkeenan avatar Mar 03 '23 12:03 mattkeenan

is dns over http3 also covered here?

ivanjx avatar Mar 22 '24 06:03 ivanjx