Moreover, DoT requires a complete renegotiation of the new connection when changing networks. In contrast, QUIC can resume a suspended connection in a single RTT (round-trip time, the time for a packet to reach the destination and the reply to come back). With DoH3, many of DoT's performance burdens are lifted; according to Google's measurements, it achieves a 24% improvement in median query times. In some cases, Google has seen improvements of up to 44%. Additionally, DoH3 may help on unreliable networks, even outperforming traditional DNS, thanks to proactive flow-control mechanisms that immediately signal packet delivery failures instead of waiting for timeouts to elapse.
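To make the head-of-line blocking point concrete, here is an added toy model (not code from the article or from Google's implementation) that compares how a batch of concurrent DNS queries completes over one ordered byte stream versus independent streams. The round-trip time, the retransmission timeout and the loss pattern are all assumed, constructed values; the model only illustrates why a single lost packet delays every query behind it on an ordered stream but only its own query on a multiplexed one.

```python
# Added example (not from the article): a deterministic toy model of
# head-of-line blocking for a batch of concurrent DNS queries.
# "TCP-like" = one ordered byte stream, lost data recovered after a
# retransmission timeout; "QUIC-like" = independent streams, loss
# detected by acknowledgement feedback within about one RTT.
# All timings are assumed values, not measurements.
from dataclasses import dataclass
from statistics import median

RTT_MS = 50.0            # assumed round-trip time of the link
ONE_WAY_MS = RTT_MS / 2  # time for a packet to travel one way
TCP_RTO_MS = 200.0       # assumed retransmission timeout for the TCP-like model


@dataclass(frozen=True)
class Packet:
    """One packet carrying the response for one DNS query (stream)."""
    stream: int
    lost: bool  # constructed: the first transmission is dropped


def arrival_times(packets, recovery_delay_ms):
    """When each packet's bytes physically reach the receiver.

    A lost packet arrives one recovery delay later than a clean one.
    """
    return [ONE_WAY_MS + (recovery_delay_ms if p.lost else 0.0) for p in packets]


def completion_times(packets, recovery_delay_ms, in_order):
    """Time at which each query's answer becomes usable by the application.

    in_order=True models a single ordered byte stream: a packet is only
    released once every earlier packet has arrived (head-of-line blocking).
    in_order=False models independent streams: each query completes as
    soon as its own packet arrives.
    """
    done = {}
    latest = 0.0
    for packet, arrived in zip(packets, arrival_times(packets, recovery_delay_ms)):
        latest = max(latest, arrived)
        ready = latest if in_order else arrived
        done[packet.stream] = max(done.get(packet.stream, 0.0), ready)
    return done


def compare(packets):
    """Per-query completion and median query time under both models."""
    tcp_like = completion_times(packets, TCP_RTO_MS, in_order=True)
    quic_like = completion_times(packets, RTT_MS, in_order=False)
    return {
        "tcp_like": tcp_like,
        "quic_like": quic_like,
        "tcp_median_ms": median(tcp_like.values()),
        "quic_median_ms": median(quic_like.values()),
    }


# Constructed scenario: four parallel queries, only the first packet is lost.
SAMPLE_PACKETS = [Packet(0, lost=True), Packet(1, False), Packet(2, False), Packet(3, False)]

if __name__ == "__main__":
    result = compare(SAMPLE_PACKETS)
    for model in ("tcp_like", "quic_like"):
        print(model, {s: f"{t:.0f} ms" for s, t in result[model].items()})
    print("median:", result["tcp_median_ms"], "vs", result["quic_median_ms"])
```

In the constructed scenario every query on the ordered stream waits for the retransmission of packet 0, so all four complete at 225 ms, while on independent streams only query 0 pays the recovery cost and the median stays at 25 ms. Real links add serialization delay, congestion control and partial loss patterns that this model omits.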
On Android 11 and later, Google has implemented support for the DNS-over-HTTP/3 (DoH3) protocol to improve DNS query privacy while delivering better performance. HTTP/3 is the third major version of the Hypertext Transfer Protocol. Unlike earlier versions, which relied on TCP, HTTP/3 uses QUIC, a multiplexed transport protocol built on UDP. The new protocol resolves the problem of "head-of-line blocking," which slows down internet data transfers when a packet is dropped or reordered, something that happens frequently on a mobile device switching between connections.
DNS-over-HTTPS is already widely supported by many DNS providers to provide increased privacy for DNS requests. With Google supporting DNS-over-HTTP/3 on Android and DNS-over-QUIC now a proposed standard, we will likely see increased adoption by DNS providers soon. However, at this feature's launch, Android devices will use Cloudflare DNS and Google Public DNS, which already support DNS-over-QUIC.
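Whatever HTTP version carries it, a DoH request body is an ordinary DNS wire-format message, and a resolver's reply is the same format coming back. The following added example (not code from the article, from Android or from any resolver) builds such a query, encodes it the way RFC 8484 specifies for the GET form, and parses a constructed reply, including the name-compression pointers that real responses use. The resolver path `/dns-query`, the query name and the answer address are constructed sample values.

```python
# Added example (not from the article): the payload carried inside a
# DoH request is a plain RFC 1035 DNS message; this builds one, encodes
# it the way RFC 8484 expects, and parses a constructed response.
import base64
import struct

QTYPE_A = 1
QCLASS_IN = 1
FLAG_RD = 0x0100           # recursion desired
FLAG_RESPONSE_RA = 0x8180  # QR=1, RD=1, RA=1, RCODE=0


def encode_name(name: str) -> bytes:
    """Encode "example.com" as length-prefixed labels ending in a zero byte."""
    labels = [label.encode("ascii") for label in name.rstrip(".").split(".")]
    if any(len(label) == 0 or len(label) > 63 for label in labels):
        raise ValueError("invalid label length")
    return b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"


def encode_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """Build a query message. RFC 8484 recommends ID 0 in DoH so that
    identical queries produce identical bodies and can be cached."""
    header = struct.pack("!HHHHHH", 0, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def doh_get_path(message: bytes) -> str:
    """GET form of a DoH request: base64url without padding (RFC 8484 4.1.1).
    The POST form sends the raw bytes with Content-Type application/dns-message.
    The /dns-query path is a constructed sample value."""
    return "/dns-query?dns=" + base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")


def read_name(msg: bytes, offset: int):
    """Decode a name, following RFC 1035 4.1.4 compression pointers.
    Returns (name, offset just after the name as it appeared in place)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # pointer to an earlier occurrence
            if end is None:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            hops += 1
            if hops > 16:  # defensive: refuse pointer loops in hostile input
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def decode_response(msg: bytes):
    """Return (rcode, [(name, ttl, ipv4)]) for the A records in an answer."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4           # qtype + qclass
    answers = []
    for _ in range(ancount):
        name, offset = read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return flags & 0x0F, answers


def build_constructed_response(query: bytes, ipv4: str, ttl: int) -> bytes:
    """Constructed stand-in for a resolver reply: the query with the header
    flipped to a response plus one A record whose owner name is a pointer
    (0xC00C) back to the question name at offset 12."""
    header = struct.pack("!HHHHHH", 0, FLAG_RESPONSE_RA, 1, 1, 0, 0)
    record = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4)
    return header + query[12:] + record + bytes(int(o) for o in ipv4.split("."))


if __name__ == "__main__":
    q = encode_query("example.com")
    print(doh_get_path(q))
    print(decode_response(build_constructed_response(q, "192.0.2.1", 300)))
```

The hop limit in `read_name` is the kind of check a client-side parser needs: the message bytes come from the network, and a pointer that loops or points forward is malformed input rather than a name to chase. The same encoder and parser serve DoH over HTTP/2 and HTTP/3, since only the transport underneath changes.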
The result is a performant low-level system with few dependencies that is lightweight and uses a memory-safe language, reducing the number of bugs attackers can leverage to abuse it. At the time of reading this, all Android devices running Android 11 and later should use DoH3 for Google DNS and Cloudflare DNS (more providers to be added soon). In addition, a subset of Android 10 devices whose vendors adopted Google Play system updates early will also receive the new feature. End users don't have to take any action to enable it, as Android handles this automatically.
In the future, Google plans to add support for other DoH3 providers through Discovery of Designated Resolvers (DDR), which automatically selects the best provider for your specific configuration. Another advantage of DoH3 is the use of Rust in its implementation, which resulted in a lean system of 1,640 lines of code that uses a single runtime thread instead of DoT's four. "We built the query engine using the Tokio async framework to simultaneously handle new requests, incoming packet events, control signals, and timers. In C++, this would likely have required multiple threads or a carefully crafted event loop." – Google.