1. Introduction
Domain Name System (DNS) concepts are specified in "Domain names - concepts and facilities" [RFC1034]. The transmission of DNS queries and responses over UDP and TCP is specified in "Domain names - implementation and specification" [RFC1035].
This document presents a mapping of the DNS protocol over the QUIC transport [RFC9000] [RFC9001]. DNS over QUIC is referred to here as DoQ, in line with "DNS Terminology" [DNS-TERMS].
The goals of the DoQ mapping are:
- Provide the same DNS privacy protection as DoT [RFC7858]. This includes an option for the client to authenticate the server by means of an authentication domain name as specified in "Usage Profiles for DNS over TLS and DNS over DTLS" [RFC8310].
- Provide an improved level of source address validation for DNS servers compared to classic DNS over UDP.
- Provide a transport that does not impose path MTU limitations on the size of DNS responses it can send.
In order to achieve these goals, and to support ongoing work on encryption of DNS, the scope of this document includes:
- the "stub to recursive resolver" scenario (also called the "stub to recursive" scenario in this document),
- the "recursive resolver to authoritative nameserver" scenario (also called the "recursive to authoritative" scenario in this document), and
- the "nameserver to nameserver" scenario (mainly used for zone transfers (XFR) [RFC1995] [RFC5936]).
In other words, this document specifies QUIC as a general-purpose transport for DNS.
The specific non-goals of this document are:
- No attempt is made to evade potential blocking of DoQ traffic by middleboxes.
- No attempt is made to support server-initiated transactions, which are used only in DNS Stateful Operations (DSO) [RFC8490].
Specifying the transmission of an application over QUIC requires specifying how the application's messages are mapped to QUIC streams, and generally how the application will use QUIC. This is done for HTTP in "Hypertext Transfer Protocol Version 3 (HTTP/3)" [HTTP/3]. The purpose of this document is to define the way DNS messages can be transmitted over QUIC.
DNS over HTTPS (DoH) [RFC8484] can be used with HTTP/3 to get some of the benefits of QUIC. However, a lightweight direct mapping for DoQ can be regarded as a more natural fit for both the recursive to authoritative and zone transfer scenarios, which rarely involve intermediaries. In these scenarios, the additional overhead of HTTP is not offset by, for example, benefits of HTTP proxying and caching behavior.
In this document, Section 3 presents the reasoning that guided the proposed design. Section 4 specifies the actual mapping of DoQ. Section 5 presents guidelines on the implementation, usage, and deployment of DoQ.