Ad-blocker company AdGuard deployed on Wednesday the world's first-ever DNS-over-QUIC (DoQ) resolver into a production environment, as part of the company's Android and iOS applications.
AdGuard's DoQ resolver resolves its users' DNS queries (converting website URLs into IP addresses) using the new QUIC data transfer protocol.
DoQ replaces UDP with QUIC inside DNS' underbelly
Today, by default, DNS queries are resolved via the standard UDP protocol.
The problem is that DNS traffic over UDP is not encrypted and is visible in clear text to any network observer, which makes it easy for ISPs to track even encrypted HTTPS traffic by looking at the DNS queries preceding those connections.
This weakness has been known for a long time and is what led to the creation and current proliferation of DNS alternative protocols like DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT).
However, both DoH and DoT have their own drawbacks. DoH merely hides DNS inside HTTPS, while DoT adds TLS support to DNS, a cumbersome process for both DNS servers and app makers.
DoQ is currently viewed as the future of DNS encryption because it does not rely on tricks with adjacent technologies in the "application layer" of the internet protocol suite.
Instead, it replaces the old UDP with the newer QUIC, a layer below DNS, as its underlying technology, effectively giving DNS an upgrade to modern technology.
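To make the cleartext problem concrete, here is an added Python example (not code from the article or from AdGuard) that builds a plain DNS query in RFC 1035 wire format and parses it the way any on-path observer of UDP port 53 could; `build_query`, `observe_query` and the `www.example.com` sample are constructed for illustration.

```python
import struct

# Constructed sample: the UDP payload of a plain DNS query, exactly as it
# travels unencrypted on the wire. Nothing here is a captured packet.

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a standard DNS query (RFC 1035 wire format) for `name`."""
    # header: id, flags (RD set), qdcount=1, ancount, nscount, arcount
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def observe_query(payload: bytes) -> dict:
    """Parse the question section of a cleartext DNS message as a passive
    network observer would. Raises ValueError on truncated/malformed input."""
    if len(payload) < 12:
        raise ValueError("short DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        length = payload[pos]
        if length == 0:
            pos += 1
            break
        if length & 0xC0:  # a compression pointer in the first name has nothing to point to
            raise ValueError("unexpected label pointer")
        if length > 63 or pos + 1 + length > len(payload):
            raise ValueError("bad label length")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    # The queried name is the part that reveals which site the client is about
    # to connect to, even when the following HTTPS session is encrypted.
    return {"txid": txid, "is_query": not (flags & 0x8000),
            "name": ".".join(labels), "qtype": qtype, "qclass": qclass}

if __name__ == "__main__":
    wire = build_query("www.example.com")  # constructed sample query
    print(observe_query(wire))
```

Under DoT, DoH or DoQ the same message bytes are carried inside a TLS-protected stream, so an observer's view is reduced to ciphertext and the resolver's address.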
What is QUIC
QUIC is a new "data transport" protocol that started as a Google project to develop an alternative to the aging and slower TCP protocol, which, together with UDP, underpins most internet traffic today.
Google's first attempt to develop a TCP alternative was the SPDY protocol. SPDY was considered a success at the time and was eventually broadly adopted as the "data transport"