AdGuard Launches The World's First DNS-Over-QUIC Resolver For Android And iOS

AdGuard QUIC

AdGuard is known for its ad blocking and privacy protection tools. It also provides multiple free public DNS servers, with products that support encryption technologies.

This time, the company has announced that it has become the world's first DNS-over-QUIC (DoQ) resolver.

Making it available on its Android and iOS apps, AdGuard's DoQ protocol works by resolving users' DNS queries (converting website URLs into IP addresses) using the new QUIC data transfer protocol.

This way, AdGuard tries to solve one of UDP's main issue: Its inability to encrypt traffic.

When data is transferred via UDP, traffic is not encrypted and is available in clear text to any network observer. This makes it easy for for ISPs to track even encrypted HTTPS traffic by simply looking at the DNS queries that proceed those connections. This weakness has been around for a long time.

This fact led to the creation of the DNS alternative protocols, like the DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT).

But still, both DoH and DoT have their own weaknesses.

DoQ on the other hand, is considered the future-proof DNS encryption.

TCP
With using TCP, if one data packet gets lost, the rest have to wait in line, prolonging data transfer, affecting the overall speed (Credit: AdGuard)

While the encryption provided by QUIC has similar properties to that provided by TLS, the QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient error corrections than UDP.

This way, DoQ has privacy properties similar to DoT specified in RFC7858, but the speedier performance similar to classic DNS-over-UDP.

Long story short, DoQ replaces the old UDP with the newer QUIC, the layer below DNS, as its underlying technology, effectively giving DNS an upgrade to the more modern technology.

This is why QUIC is regarded as the new "data transport" protocol.

The project started by Google when the company wanted to develop an alternative to the aging TCP protocol that is known to be slow. TCP still underpins most of the web, together with UDP.

Google's first attempt to develop a TCP alternative was the SPDY protocol. which was well received and a success. The evolution of SPDY, is QUIC, which comes with more speed, better packet transfer reliability, but also with built-in support for TLS encryption.

Referring to TCP and UCP, these technologies have "been around for ages, doing their job well. There's a catch, though: they've been doing it well under the near-perfect conditions of stable broadband connection," said AdGuard.

"Step out of your house into the wilderness of 4G, LTE, and mobile data in general, and you'll inevitably run into such issues as weak signal, slow connection and whatnot. Even modern standards like 5G won't protect you from these nuisances — try riding an elevator, for example."

And QUIC here QUIC "allows data to get processed without any specific order. If the first data packet is lost due to a weak signal, the rest will be processed without delay nonetheless."

QUIC
With QUIC, if a data packet gets lost, the remaining data packets can get processed. (Credit: AdGuard)

This allows devices to switch connections when jumping from one IP address to another, a breeze and a lot faster.

What's more, QUIC also allows connections to survive any changes to endpoint address, not just IP address.

Knowing all that, AdGuard becomes the first to utilize connection for DNS, using the QUIC protocol on its DNS servers.

This approach takes advantage of the QUIC transport layer protocol and uses it to transmit DNS requests.

At the moment of introduction, the DoQ standard is still in the draft stage at the Internet Engineering Task Force (IETF), but AdGuard says there is no reason for it to wait. With its DoQ, it wants to start providing this better and more private version of the DNS protocol to its users.

Related: To Improve Speed, Google Chrome Rolls Out HTTP/3 Support Through IETF QUIC

Published: 
18/12/2020