Google announces that it has added support for the DNS-over-HTTP/3 (DoH3) protocol in Android 11 and later versions of its mobile OS, which should improve the privacy of DNS queries as well as improve performance.
Let me remind you that we also wrote about how experts described the ways Android malware infiltrates the Google Play Store.
In addition, some Android 10 devices that have previously received system updates through the Google Play Store will also get the new functionality. End users don’t need to take any action to enable it; Android will do so automatically.
HTTP/3 is the third version of the Hypertext Transfer Protocol. It is based on QUIC, a multiplexed transport protocol built on UDP rather than on TCP, which previous versions used. The new protocol eliminates the so-called “head-of-line blocking” problem, in which a single lost or reordered packet stalls all further data transfer on the connection; such losses are common on mobile networks with frequent connection switching.
Previously, Android 9 and later versions supported DNS-over-TLS (DoT), which improved the privacy of DNS queries but inevitably slowed them down, since encryption consumes additional resources. Moreover, DoT required a new connection to be negotiated every time the network changed, whereas QUIC can resume a suspended connection in a single RTT (round-trip time: the time it takes to send a signal plus the time it takes for confirmation of its receipt to come back).
Thus, DoH3 solves many of the performance problems inherent in DoT. According to tests conducted by Google, the increase in performance (median query time) is 24%, and in some cases up to 44%.
Another advantage of DoH3 is the use of a DNS resolver written in Rust. It is expected that this implementation will significantly reduce the risk of vulnerabilities.
It is noted that DNS-over-HTTPS is already widely supported by many DNS providers to provide increased privacy when making DNS queries. Since Google supports DNS-over-HTTP/3 and DNS-over-QUIC, which is now a proposed standard, it is likely that these technologies will become even more widespread among DNS providers soon. In the meantime, as part of the launch of this feature on Android devices, Cloudflare DNS and Google Public DNS, which already support DNS-over-QUIC, will be used.
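DoH3 carries the same DNS message and the same HTTP mapping as DNS-over-HTTPS (RFC 8484), only over HTTP/3 instead of HTTP/2. The following Python example is added here and is not code from the article, from Android or from any resolver; it builds a type-A query in DNS wire format, encodes it in the RFC 8484 GET form, and parses a constructed response (the `/dns-query` path, the `example.com` name and the `192.0.2.1` answer are assumed sample values, and the HTTP/3 transport itself is omitted).

```python
import base64
import struct


def build_query(name, txid=0, qtype=1):
    """Encode a DNS query for `name` in RFC 1035 wire format (type A by default).
    RFC 8484 recommends a transaction ID of 0 so HTTP caches can reuse the response."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_path(query, path="/dns-query"):
    """RFC 8484 GET form: the message goes in the `dns` parameter,
    base64url-encoded with the '=' padding removed."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{path}?dns={encoded}"


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(response, expected_txid=0):
    """Check the transaction ID and RCODE, then return the IPv4 addresses
    of all A records in the answer section."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch")
    if flags & 0x000F:
        raise ValueError(f"resolver returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qdcount):  # skip the echoed question section
        off = _skip_name(response, off) + 4
    addrs = []
    for _ in range(ancount):
        off = _skip_name(response, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in response[off:off + 4]))
        off += rdlen
    return addrs


# Constructed sample response: standard answer, question echoed,
# one A record (name pointer to offset 12, TTL 300) for 192.0.2.1.
SAMPLE_RESPONSE = (
    bytes.fromhex("000081800001000100000000")
    + b"\x07example\x03com\x00\x00\x01\x00\x01"
    + bytes.fromhex("c00c00010001 0000012c 0004 c0000201".replace(" ", ""))
)
```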
In the future, Google plans to add support for other DoH3 providers through the Discovery of Designated Resolvers (DDR), which will automatically select the best provider for a given configuration.