rfc9250.original   rfc9250.txt 
Network Working Group C. Huitema Internet Engineering Task Force (IETF) C. Huitema
Internet-Draft Private Octopus Inc. Request for Comments: 9250 Private Octopus Inc.
Intended status: Standards Track S. Dickinson Category: Standards Track S. Dickinson
Expires: 22 October 2022 Sinodun IT ISSN: 2070-1721 Sinodun IT
A. Mankin A. Mankin
Salesforce Salesforce
20 April 2022 May 2022
DNS over Dedicated QUIC Connections DNS over Dedicated QUIC Connections
draft-ietf-dprive-dnsoquic-12
Abstract Abstract
This document describes the use of QUIC to provide transport This document describes the use of QUIC to provide transport
confidentiality for DNS. The encryption provided by QUIC has similar confidentiality for DNS. The encryption provided by QUIC has similar
properties to those provided by TLS, while QUIC transport eliminates properties to those provided by TLS, while QUIC transport eliminates
the head-of-line blocking issues inherent with TCP and provides more the head-of-line blocking issues inherent with TCP and provides more
efficient packet loss recovery than UDP. DNS over QUIC (DoQ) has efficient packet-loss recovery than UDP. DNS over QUIC (DoQ) has
privacy properties similar to DNS over TLS (DoT) specified in privacy properties similar to DNS over TLS (DoT) specified in RFC
RFC7858, and latency characteristics similar to classic DNS over UDP. 7858, and latency characteristics similar to classic DNS over UDP.
This specification describes the use of DNS over QUIC as a general- This specification describes the use of DoQ as a general-purpose
purpose transport for DNS and includes the use of DNS over QUIC for transport for DNS and includes the use of DoQ for stub to recursive,
stub to recursive, recursive to authoritative, and zone transfer recursive to authoritative, and zone transfer scenarios.
scenarios.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 22 October 2022. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9250.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction
2. Key Words . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Key Words
3. Document work via GitHub . . . . . . . . . . . . . . . . . . 5 3. Design Considerations
4. Design Considerations . . . . . . . . . . . . . . . . . . . . 5 3.1. Provide DNS Privacy
4.1. Provide DNS Privacy . . . . . . . . . . . . . . . . . . . 5 3.2. Design for Minimum Latency
4.2. Design for Minimum Latency . . . . . . . . . . . . . . . 5 3.3. Middlebox Considerations
4.3. Middlebox Considerations . . . . . . . . . . . . . . . . 6 3.4. No Server-Initiated Transactions
4.4. No Server-Initiated Transactions . . . . . . . . . . . . 6 4. Specifications
5. Specifications . . . . . . . . . . . . . . . . . . . . . . . 6 4.1. Connection Establishment
5.1. Connection Establishment . . . . . . . . . . . . . . . . 7 4.1.1. Port Selection
5.1.1. Draft Version Identification . . . . . . . . . . . . 7 4.2. Stream Mapping and Usage
5.1.2. Port Selection . . . . . . . . . . . . . . . . . . . 7 4.2.1. DNS Message IDs
5.2. Stream Mapping and Usage . . . . . . . . . . . . . . . . 7 4.3. DoQ Error Codes
5.2.1. DNS Message IDs . . . . . . . . . . . . . . . . . . . 9 4.3.1. Transaction Cancellation
5.3. DoQ Error Codes . . . . . . . . . . . . . . . . . . . . . 9 4.3.2. Transaction Errors
5.3.1. Transaction Cancellation . . . . . . . . . . . . . . 10 4.3.3. Protocol Errors
5.3.2. Transaction Errors . . . . . . . . . . . . . . . . . 11 4.3.4. Alternative Error Codes
5.3.3. Protocol Errors . . . . . . . . . . . . . . . . . . . 11 4.4. Connection Management
5.3.4. Alternative error codes . . . . . . . . . . . . . . . 12 4.5. Session Resumption and 0-RTT
5.4. Connection Management . . . . . . . . . . . . . . . . . . 12 4.6. Message Sizes
5.5. Session Resumption and 0-RTT . . . . . . . . . . . . . . 13 5. Implementation Requirements
5.6. Message Sizes . . . . . . . . . . . . . . . . . . . . . . 14 5.1. Authentication
6. Implementation Requirements . . . . . . . . . . . . . . . . . 14 5.2. Fallback to Other Protocols on Connection Failure
6.1. Authentication . . . . . . . . . . . . . . . . . . . . . 14 5.3. Address Validation
6.2. Fallback to Other Protocols on Connection Failure . . . . 15 5.4. Padding
6.3. Address Validation . . . . . . . . . . . . . . . . . . . 15 5.5. Connection Handling
6.4. Padding . . . . . . . . . . . . . . . . . . . . . . . . . 16 5.5.1. Connection Reuse
6.5. Connection Handling . . . . . . . . . . . . . . . . . . . 16 5.5.2. Resource Management
6.5.1. Connection Reuse . . . . . . . . . . . . . . . . . . 17 5.5.3. Using 0-RTT and Session Resumption
6.5.2. Resource Management . . . . . . . . . . . . . . . . . 17 5.5.4. Controlling Connection Migration for Privacy
6.5.3. Using 0-RTT and Session Resumption . . . . . . . . . 18 5.6. Processing Queries in Parallel
6.5.4. Controlling Connection Migration For Privacy . . . . 18 5.7. Zone Transfer
6.6. Processing Queries in Parallel . . . . . . . . . . . . . 19 5.8. Flow Control Mechanisms
6.7. Zone transfer . . . . . . . . . . . . . . . . . . . . . . 19 6. Security Considerations
6.8. Flow Control Mechanisms . . . . . . . . . . . . . . . . . 19 7. Privacy Considerations
7. Implementation Status . . . . . . . . . . . . . . . . . . . . 20 7.1. Privacy Issues with 0-RTT data
7.1. Performance Measurements . . . . . . . . . . . . . . . . 21 7.2. Privacy Issues with Session Resumption
7.3. Privacy Issues with Address Validation Tokens
8. Security Considerations . . . . . . . . . . . . . . . . . . . 21 7.4. Privacy Issues with Long Duration Sessions
9. Privacy Considerations . . . . . . . . . . . . . . . . . . . 22 7.5. Traffic Analysis
9.1. Privacy Issues With 0-RTT data . . . . . . . . . . . . . 22 8. IANA Considerations
9.2. Privacy Issues With Session Resumption . . . . . . . . . 23 8.1. Registration of a DoQ Identification String
9.3. Privacy Issues With Address Validation Tokens . . . . . . 24 8.2. Reservation of a Dedicated Port
9.4. Privacy Issues With Long Duration Sessions . . . . . . . 24 8.3. Reservation of an Extended DNS Error Code: Too Early
9.5. Traffic Analysis . . . . . . . . . . . . . . . . . . . . 25 8.4. DNS-over-QUIC Error Codes Registry
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 9. References
10.1. Registration of DoQ Identification String . . . . . . . 25 9.1. Normative References
10.2. Reservation of Dedicated Port . . . . . . . . . . . . . 25 9.2. Informative References
10.3. Reservation of Extended DNS Error Code Too Early . . . . 26 Appendix A. The NOTIFY Service
10.4. DNS over QUIC Error Codes Registry . . . . . . . . . . . 27 Acknowledgements
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 28 Authors' Addresses
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 29
12.1. Normative References . . . . . . . . . . . . . . . . . . 29
12.2. Informative References . . . . . . . . . . . . . . . . . 31
Appendix A. The NOTIFY Service . . . . . . . . . . . . . . . . . 33
Appendix B. Notable Changes From Previous Versions . . . . . . . 33
B.1. Stream Mapping Incompatibility With Draft-02 . . . . . . 33
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 34
1. Introduction 1. Introduction
Domain Name System (DNS) concepts are specified in "Domain names - Domain Name System (DNS) concepts are specified in "Domain names -
concepts and facilities" [RFC1034]. The transmission of DNS queries concepts and facilities" [RFC1034]. The transmission of DNS queries
and responses over UDP and TCP is specified in "Domain names - and responses over UDP and TCP is specified in "Domain names -
implementation and specification" [RFC1035]. implementation and specification" [RFC1035].
This document presents a mapping of the DNS protocol over the QUIC This document presents a mapping of the DNS protocol over the QUIC
transport [RFC9000] [RFC9001]. DNS over QUIC is referred to here as transport [RFC9000] [RFC9001]. DNS over QUIC is referred to here as
DoQ, in line with "DNS Terminology" [I-D.ietf-dnsop-rfc8499bis]. DoQ, in line with "DNS Terminology" [DNS-TERMS].
The goals of the DoQ mapping are: The goals of the DoQ mapping are:
1. Provide the same DNS privacy protection as DNS over TLS (DoT) 1. Provide the same DNS privacy protection as DoT [RFC7858]. This
[RFC7858]. This includes an option for the client to includes an option for the client to authenticate the server by
authenticate the server by means of an authentication domain name means of an authentication domain name as specified in "Usage
as specified in "Usage Profiles for DNS over TLS and DNS over Profiles for DNS over TLS and DNS over DTLS" [RFC8310].
DTLS" [RFC8310].
2. Provide an improved level of source address validation for DNS 2. Provide an improved level of source address validation for DNS
servers compared to classic DNS over UDP. servers compared to classic DNS over UDP.
3. Provide a transport that does not impose path MTU limitations on 3. Provide a transport that does not impose path MTU limitations on
the size of DNS responses it can send. the size of DNS responses it can send.
In order to achieve these goals, and to support ongoing work on In order to achieve these goals, and to support ongoing work on
encryption of DNS, the scope of this document includes encryption of DNS, the scope of this document includes:
* the "stub to recursive resolver" scenario
* the "recursive resolver to authoritative nameserver" scenario and * the "stub to recursive resolver" scenario (also called the "stub
to recursive" scenario in this document)
* the "recursive resolver to authoritative nameserver" scenario
(also called the "recursive to authoritative" scenario in this
document), and
* the "nameserver to nameserver" scenario (mainly used for zone * the "nameserver to nameserver" scenario (mainly used for zone
transfers (XFR) [RFC1995], [RFC5936]). transfers (XFR) [RFC1995] [RFC5936]).
In other words, this document specifies QUIC as a general-purpose In other words, this document specifies QUIC as a general-purpose
transport for DNS. transport for DNS.
The specific non-goals of this document are: The specific non-goals of this document are:
1. No attempt is made to evade potential blocking of DNS over QUIC 1. No attempt is made to evade potential blocking of DoQ traffic by
traffic by middleboxes. middleboxes.
2. No attempt to support server-initiated transactions, which are 2. No attempt to support server-initiated transactions, which are
used only in DNS Stateful Operations (DSO) [RFC8490]. used only in DNS Stateful Operations (DSO) [RFC8490].
Specifying the transmission of an application over QUIC requires Specifying the transmission of an application over QUIC requires
specifying how the application's messages are mapped to QUIC streams, specifying how the application's messages are mapped to QUIC streams,
and generally how the application will use QUIC. This is done for and generally how the application will use QUIC. This is done for
HTTP in "Hypertext Transfer Protocol Version 3 HTTP in "Hypertext Transfer Protocol Version 3 (HTTP/3)" [HTTP/3].
(HTTP/3)"[I-D.ietf-quic-http]. The purpose of this document is to The purpose of this document is to define the way DNS messages can be
define the way DNS messages can be transmitted over QUIC. transmitted over QUIC.
DNS over HTTP [RFC8484] can be used with HTTP/3 to get some of the DNS over HTTPS (DoH) [RFC8484] can be used with HTTP/3 to get some of
benefits of QUIC. However, a lightweight direct mapping for DNS over the benefits of QUIC. However, a lightweight direct mapping for DoQ
QUIC can be regarded as a more natural fit for both the recursive to can be regarded as a more natural fit for both the recursive to
authoritative and zone transfer scenarios which rarely involve authoritative and zone transfer scenarios, which rarely involve
intermediaries. In these scenarios, the additional overhead of HTTP intermediaries. In these scenarios, the additional overhead of HTTP
is not offset by, e.g., benefits of HTTP proxying and caching is not offset by, for example, benefits of HTTP proxying and caching
behavior. behavior.
In this document, Section 4 presents the reasoning that guided the In this document, Section 3 presents the reasoning that guided the
proposed design. Section 5 specifies the actual mapping of DoQ. proposed design. Section 4 specifies the actual mapping of DoQ.
Section 6 presents guidelines on the implementation, usage and Section 5 presents guidelines on the implementation, usage, and
deployment of DoQ. deployment of DoQ.
2. Key Words 2. Key Words
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. Document work via GitHub 3. Design Considerations
(RFC EDITOR NOTE: THIS SECTION TO BE REMOVED BEFORE PUBLICATION)The
GitHub repository for this document is at https://github.com/huitema/
dnsoquic. Proposed text and editorial changes are very much welcomed
there, but any functional changes should always first be discussed on
the IETF DPRIVE WG (dns-privacy) mailing list.
4. Design Considerations
This section and its subsections present the design guidelines that This section and its subsections present the design guidelines that
were used for DoQ. Whilst all other sections in this document are were used for DoQ. While all other sections in this document are
normative, this section is informative in nature. normative, this section is informative in nature.
4.1. Provide DNS Privacy 3.1. Provide DNS Privacy
DoT [RFC7858] defines how to mitigate some of the issues described in DoT [RFC7858] defines how to mitigate some of the issues described in
"DNS Privacy Considerations" [RFC9076] by specifying how to transmit "DNS Privacy Considerations" [RFC9076] by specifying how to transmit
DNS messages over TLS. The "Usage Profiles for DNS over TLS and DNS DNS messages over TLS. The "Usage Profiles for DNS over TLS and DNS
over DTLS" [RFC8310] specify Strict and Opportunistic Usage Profiles over DTLS" [RFC8310] specify Strict and Opportunistic usage profiles
for DoT including how stub resolvers can authenticate recursive for DoT including how stub resolvers can authenticate recursive
resolvers. resolvers.
QUIC connection setup includes the negotiation of security parameters QUIC connection setup includes the negotiation of security parameters
using TLS, as specified in "Using TLS to Secure QUIC" [RFC9001], using TLS, as specified in "Using TLS to Secure QUIC" [RFC9001],
enabling encryption of the QUIC transport. Transmitting DNS messages enabling encryption of the QUIC transport. Transmitting DNS messages
over QUIC will provide essentially the same privacy protections as over QUIC will provide essentially the same privacy protections as
DoT [RFC7858] including Strict and Opportunistic Usage Profiles DoT [RFC7858] including Strict and Opportunistic usage profiles
[RFC8310]. Further discussion on this is provided in Section 9. [RFC8310]. Further discussion on this is provided in Section 7.
4.2. Design for Minimum Latency 3.2. Design for Minimum Latency
QUIC is specifically designed to reduce protocol-induced delays, with QUIC is specifically designed to reduce protocol-induced delays, with
features such as: features such as:
1. Support for 0-RTT data during session resumption. 1. Support for 0-RTT data during session resumption.
2. Support for advanced packet loss recovery procedures as specified 2. Support for advanced packet-loss recovery procedures as specified
in "QUIC Loss Detection and Congestion Control" [RFC9002]. in "QUIC Loss Detection and Congestion Control" [RFC9002].
3. Mitigation of head-of-line blocking by allowing parallel delivery 3. Mitigation of head-of-line blocking by allowing parallel delivery
of data on multiple streams. of data on multiple streams.
This mapping of DNS to QUIC will take advantage of these features in This mapping of DNS to QUIC will take advantage of these features in
three ways: three ways:
1. Optional support for sending 0-RTT data during session resumption 1. Optional support for sending 0-RTT data during session resumption
(the security and privacy implications of this are discussed in (the security and privacy implications of this are discussed in
later sections). later sections).
2. Long-lived QUIC connections over which multiple DNS transactions 2. Long-lived QUIC connections over which multiple DNS transactions
are performed, generating the sustained traffic required to are performed, generating the sustained traffic required to
benefit from advanced recovery features. benefit from advanced recovery features.
3. Mapping of each DNS Query/Response transaction to a separate 3. Mapping of each DNS Query/Response transaction to a separate
stream, to mitigate head-of-line blocking. This enables servers stream, to mitigate head-of-line blocking. This enables servers
to respond to queries "out of order". It also enables clients to to respond to queries "out of order". It also enables clients to
process responses as soon as they arrive, without having to wait process responses as soon as they arrive, without having to wait
for in order delivery of responses previously posted by the for in-order delivery of responses previously posted by the
server. server.
These considerations are reflected in the mapping of DNS traffic to These considerations are reflected in the mapping of DNS traffic to
QUIC streams in Section 5.2. QUIC streams in Section 4.2.
4.3. Middlebox Considerations 3.3. Middlebox Considerations
Using QUIC might allow a protocol to disguise its purpose from Using QUIC might allow a protocol to disguise its purpose from
devices on the network path using encryption and traffic analysis devices on the network path using encryption and traffic analysis
resistance techniques like padding, traffic pacing, and traffic resistance techniques like padding, traffic pacing, and traffic
shaping. This specification does not include any measures that are shaping. This specification does not include any measures that are
designed to avoid such classification -- the padding mechanisms designed to avoid such classification; the padding mechanisms defined
defined in Section 6.4 are intended to obfuscate the specific records in Section 5.4 are intended to obfuscate the specific records
contained in DNS queries and responses, but not the fact that this is contained in DNS queries and responses, but not the fact that this is
DNS traffic. Consequently, firewalls and other middleboxes might be DNS traffic. Consequently, firewalls and other middleboxes might be
able to distinguish DoQ from other protocols that use QUIC, like able to distinguish DoQ from other protocols that use QUIC, like
HTTP, and apply different treatment. HTTP, and apply different treatment.
The lack of measures in this specification to avoid protocol The lack of measures in this specification to avoid protocol
classification is not an endorsement of such practices. classification is not an endorsement of such practices.
4.4. No Server-Initiated Transactions 3.4. No Server-Initiated Transactions
As stated in Section 1, this document does not specify support for As stated in Section 1, this document does not specify support for
server-initiated transactions within established DoQ connections. server-initiated transactions within established DoQ connections.
That is, only the initiator of the DoQ connection may send queries That is, only the initiator of the DoQ connection may send queries
over the connection. over the connection.
DSO does support server-initiated transactions within existing DSO does support server-initiated transactions within existing
connections. However, DoQ as defined here does not meet the criteria connections. However, DoQ as defined here does not meet the criteria
for an applicable transport for DSO because it does not guarantee in- for an applicable transport for DSO because it does not guarantee in-
order delivery of messages, see Section 4.2 of [RFC8490]. order delivery of messages; see Section 4.2 of [RFC8490].
5. Specifications 4. Specifications
5.1. Connection Establishment
4.1. Connection Establishment
DoQ connections are established as described in the QUIC transport DoQ connections are established as described in the QUIC transport
specification [RFC9000]. During connection establishment, DoQ specification [RFC9000]. During connection establishment, DoQ
support is indicated by selecting the Application-Layer Protocol support is indicated by selecting the Application-Layer Protocol
Negotiation (ALPN) token "doq" in the crypto handshake. Negotiation (ALPN) token "doq" in the crypto handshake.
5.1.1. Draft Version Identification 4.1.1. Port Selection
(RFC EDITOR NOTE: THIS SECTION TO BE REMOVED BEFORE PUBLICATION) Only
implementations of the final, published RFC can identify themselves
as "doq". Until such an RFC exists, implementations MUST NOT
identify themselves using this string.
Implementations of draft versions of the protocol MUST add the string
"-" and the corresponding draft number to the identifier. For
example, draft-ietf-dprive-dnsoquic-00 is identified using the string
"doq-i00".
5.1.2. Port Selection
By default, a DNS server that supports DoQ MUST listen for and accept By default, a DNS server that supports DoQ MUST listen for and accept
QUIC connections on the dedicated UDP port TBD (number to be defined QUIC connections on the dedicated UDP port 853 (Section 8), unless
in Section 10), unless there is a mutual agreement to use another there is a mutual agreement to use another port.
port.
By default, a DNS client desiring to use DoQ with a particular server By default, a DNS client desiring to use DoQ with a particular server
MUST establish a QUIC connection to UDP port TBD on the server, MUST establish a QUIC connection to UDP port 853 on the server,
unless there is a mutual agreement to use another port. unless there is a mutual agreement to use another port.
DoQ connections MUST NOT use UDP port 53. This recommendation DoQ connections MUST NOT use UDP port 53. This recommendation
against use of port 53 for DoQ is to avoid confusion between DoQ and against use of port 53 for DoQ is to avoid confusion between DoQ and
the use of DNS over UDP [RFC1035]. The risk of confusion exists even the use of DNS over UDP [RFC1035]. The risk of confusion exists even
if two parties agreed on port 53, as other parties without knowledge if two parties agreed on port 53, as other parties without knowledge
of that agreement might still try to use that port. of that agreement might still try to use that port.
In the stub to recursive scenario, the use of port 443 as a mutually In the stub to recursive scenario, the use of port 443 as a mutually
agreed alternative port can be operationally beneficial, since port agreed alternative port can be operationally beneficial, since port
443 is used by many services using QUIC and HTTP-3 and thus less 443 is used by many services using QUIC and HTTP-3 and is thus less
likely to be blocked than other ports. Several mechanisms for stubs likely to be blocked than other ports. Several mechanisms for stubs
to discover recursives offering encrypted transports, including the to discover recursives offering encrypted transports, including the
use of custom ports, are the subject of ongoing work. use of custom ports, are the subject of ongoing work.
5.2. Stream Mapping and Usage 4.2. Stream Mapping and Usage
The mapping of DNS traffic over QUIC streams takes advantage of the The mapping of DNS traffic over QUIC streams takes advantage of the
QUIC stream features detailed in Section 2 of [RFC9000], the QUIC QUIC stream features detailed in Section 2 of [RFC9000], the QUIC
transport specification. transport specification.
DNS query/response traffic [RFC1034], [RFC1035] follows a simple DNS query/response traffic [RFC1034] [RFC1035] follows a simple
pattern in which the client sends a query, and the server provides pattern in which the client sends a query, and the server provides
one or more responses (multiple responses can occur in zone one or more responses (multiple responses can occur in zone
transfers). transfers).
The mapping specified here requires that the client selects a The mapping specified here requires that the client select a separate
separate QUIC stream for each query. The server then uses the same QUIC stream for each query. The server then uses the same stream to
stream to provide all the response messages for that query. In order provide all the response messages for that query. In order for
that multiple responses can be parsed, a 2-octet length field is used multiple responses to be parsed, a 2-octet length field is used in
in exactly the same way as the 2-octet length field defined for DNS exactly the same way as the 2-octet length field defined for DNS over
over TCP [RFC1035]. The practical result of this is that the content TCP [RFC1035]. The practical result of this is that the content of
of each QUIC stream is exactly the same as the content of a TCP each QUIC stream is exactly the same as the content of a TCP
connection that would manage exactly one query. connection that would manage exactly one query.
All DNS messages (queries and responses) sent over DoQ connections All DNS messages (queries and responses) sent over DoQ connections
MUST be encoded as a 2-octet length field followed by the message MUST be encoded as a 2-octet length field followed by the message
content as specified in [RFC1035]. content as specified in [RFC1035].
The client MUST select the next available client-initiated The client MUST select the next available client-initiated
bidirectional stream for each subsequent query on a QUIC connection, bidirectional stream for each subsequent query on a QUIC connection,
in conformance with the QUIC transport specification [RFC9000]. in conformance with the QUIC transport specification [RFC9000].
Packet losses and other network events might cause queries to arrive Packet losses and other network events might cause queries to arrive
in a different order. Servers SHOULD process queries as they arrive, in a different order. Servers SHOULD process queries as they arrive,
as not doing so would cause unnecessary delays. as not doing so would cause unnecessary delays.
The client MUST send the DNS query over the selected stream, and MUST The client MUST send the DNS query over the selected stream and MUST
indicate through the STREAM FIN mechanism that no further data will indicate through the STREAM FIN mechanism that no further data will
be sent on that stream. be sent on that stream.
The server MUST send the response(s) on the same stream and MUST The server MUST send the response(s) on the same stream and MUST
indicate, after the last response, through the STREAM FIN mechanism indicate, after the last response, through the STREAM FIN mechanism
that no further data will be sent on that stream. that no further data will be sent on that stream.
Therefore, a single DNS transaction consumes a single bidirectional Therefore, a single DNS transaction consumes a single bidirectional
client-initiated stream. This means that the client's first query client-initiated stream. This means that the client's first query
occurs on QUIC stream 0, the second on 4, and so on (see Section 2.1 occurs on QUIC stream 0, the second on 4, and so on (see Section 2.1
of [RFC9000]. of [RFC9000]).
Servers MAY defer processing of a query until the STREAM FIN has been Servers MAY defer processing of a query until the STREAM FIN has been
indicated on the stream selected by the client. indicated on the stream selected by the client.
Servers and clients MAY monitor the number of "dangling" streams. Servers and clients MAY monitor the number of "dangling" streams.
These are open streams where the following events have not occurred These are open streams where the following events have not occurred
after implementation defined timeouts: after implementation-defined timeouts:
* the expected queries or responses have not been received or, * the expected queries or responses have not been received or,
* the expected queries or responses have been received but not the * the expected queries or responses have been received but not the
STREAM FIN STREAM FIN
Implementations MAY impose a limit on the number of such dangling Implementations MAY impose a limit on the number of such dangling
streams. If limits are encountered, implementations MAY close the streams. If limits are encountered, implementations MAY close the
connection. connection.
5.2.1. DNS Message IDs 4.2.1. DNS Message IDs
When sending queries over a QUIC connection, the DNS Message ID MUST When sending queries over a QUIC connection, the DNS Message ID MUST
be set to zero. The stream mapping for DoQ allows for unambiguous be set to 0. The stream mapping for DoQ allows for unambiguous
correlation of queries and responses and so the Message ID field is correlation of queries and responses, so the Message ID field is not
not required. required.
This has implications for proxying DoQ message to and from other This has implications for proxying DoQ messages to and from other
transports. For example, proxies may have to manage the fact that transports. For example, proxies may have to manage the fact that
DoQ can support a larger number of outstanding queries on a single DoQ can support a larger number of outstanding queries on a single
connection than e.g., DNS over TCP because DoQ is not limited by the connection than, for example, DNS over TCP, because DoQ is not
Message ID space. This issue already exists for DoH, where a Message limited by the Message ID space. This issue already exists for DoH,
ID of 0 is recommended. where a Message ID of 0 is recommended.
When forwarding a DNS message from DoQ over another transport, a DNS When forwarding a DNS message from DoQ over another transport, a DNS
Message ID MUST be generated according to the rules of the protocol Message ID MUST be generated according to the rules of the protocol
that is in use. When forwarding a DNS message from another transport that is in use. When forwarding a DNS message from another transport
over DoQ, the Message ID MUST be set to zero. over DoQ, the Message ID MUST be set to 0.
5.3. DoQ Error Codes 4.3. DoQ Error Codes
The following error codes are defined for use when abruptly The following error codes are defined for use when abruptly
terminating streams, and used as application protocol error codes terminating streams, for use as application protocol error codes when
when aborting reading of streams, or immediately closing connections: aborting reading of streams, or for immediately closing connections:
DOQ_NO_ERROR (0x0): No error. This is used when the connection or DOQ_NO_ERROR (0x0): No error. This is used when the connection or
stream needs to be closed, but there is no error to signal. stream needs to be closed, but there is no error to signal.
DOQ_INTERNAL_ERROR (0x1): The DoQ implementation encountered an DOQ_INTERNAL_ERROR (0x1): The DoQ implementation encountered an
internal error and is incapable of pursuing the transaction or the internal error and is incapable of pursuing the transaction or the
connection. connection.
DOQ_PROTOCOL_ERROR (0x2): The DoQ implementation encountered a DOQ_PROTOCOL_ERROR (0x2): The DoQ implementation encountered a
protocol error and is forcibly aborting the connection. protocol error and is forcibly aborting the connection.
DOQ_REQUEST_CANCELLED (0x3): A DoQ client uses this to signal that DOQ_REQUEST_CANCELLED (0x3): A DoQ client uses this to signal that
it wants to cancel an outstanding transaction. it wants to cancel an outstanding transaction.
DOQ_EXCESSIVE_LOAD (0x4): A DoQ implementation uses this to signal DOQ_EXCESSIVE_LOAD (0x4): A DoQ implementation uses this to signal
when closing a connection due to excessive load. when closing a connection due to excessive load.
DOQ_UNSPECIFIED_ERROR (0x5): A DoQ implementation uses this in the DOQ_UNSPECIFIED_ERROR (0x5): A DoQ implementation uses this in the
absence of a more specific error code. absence of a more specific error code.
DOQ_ERROR_RESERVED (0xd098ea5e): Alternative error code used for DOQ_ERROR_RESERVED (0xd098ea5e): An alternative error code used for
tests. tests.
See Section 10.4 for details on registering new error codes. See Section 8.4 for details on registering new error codes.
5.3.1. Transaction Cancellation 4.3.1. Transaction Cancellation
In QUIC, sending STOP_SENDING requests that a peer cease transmission In QUIC, sending STOP_SENDING requests that a peer cease transmission
on a stream. If a DoQ client wishes to cancel an outstanding on a stream. If a DoQ client wishes to cancel an outstanding
request, it MUST issue a QUIC STOP_SENDING, and it SHOULD use the request, it MUST issue a QUIC STOP_SENDING, and it SHOULD use the
error code DOQ_REQUEST_CANCELLED. It MAY use a more specific error error code DOQ_REQUEST_CANCELLED. It MAY use a more specific error
code registered according to Section 10.4. The STOP_SENDING request code registered according to Section 8.4. The STOP_SENDING request
may be sent at any time but will have no effect if the server may be sent at any time but will have no effect if the server
response has already been sent, in which case the client will simply response has already been sent, in which case the client will simply
discard the incoming response. The corresponding DNS transaction discard the incoming response. The corresponding DNS transaction
MUST be abandoned. MUST be abandoned.
Servers that receive STOP_SENDING act in accordance with Section 3.5 Servers that receive STOP_SENDING act in accordance with Section 3.5
of [RFC9000]. Servers SHOULD NOT continue processing a DNS of [RFC9000]. Servers SHOULD NOT continue processing a DNS
transaction if they receive a STOP_SENDING. transaction if they receive a STOP_SENDING.
Servers MAY impose implementation limits on the total number or rate Servers MAY impose implementation limits on the total number or rate
of request cancellations. If limits are encountered, servers MAY of cancellation requests. If limits are encountered, servers MAY
close the connection. In this case, servers wanting to help client close the connection. In this case, servers wanting to help client
debugging MAY use the error code DOQ_EXCESSIVE_LOAD. There is always debugging MAY use the error code DOQ_EXCESSIVE_LOAD. There is always
a trade-off between helping good faith clients debug issues and a trade-off between helping good faith clients debug issues and
allowing denial-of-service attackers to test server defenses, so allowing denial-of-service attackers to test server defenses;
depending on circumstances servers might very well choose to send depending on circumstances servers might very well choose to send
different error codes. different error codes.
Note that this mechanism provides a way for secondaries to cancel a Note that this mechanism provides a way for secondaries to cancel a
single zone transfer occurring on a given stream without having to single zone transfer occurring on a given stream without having to
close the QUIC connection. close the QUIC connection.
Servers MUST NOT continue processing a DNS transaction if they Servers MUST NOT continue processing a DNS transaction if they
receive a RESET_STREAM request from the client before the client receive a RESET_STREAM request from the client before the client
indicates the STREAM FIN. The server MUST issue a RESET_STREAM to indicates the STREAM FIN. The server MUST issue a RESET_STREAM to
indicate that the transaction is abandoned unless indicate that the transaction is abandoned unless:
* it has already done so for another reason or * it has already done so for another reason or
* it has already both sent the response and indicated the STREAM * it has already both sent the response and indicated the STREAM
FIN. FIN.
5.3.2. Transaction Errors 4.3.2. Transaction Errors
Servers normally complete transactions by sending a DNS response (or Servers normally complete transactions by sending a DNS response (or
responses) on the transaction's stream, including cases where the DNS responses) on the transaction's stream, including cases where the DNS
response indicates a DNS error. For example, a Server Failure response indicates a DNS error. For example, a client SHOULD be
(SERVFAIL, [RFC1035]) SHOULD be notified to the client by sending notified of a Server Failure (SERVFAIL, [RFC1035]) through a response
back a response with the Response Code set to SERVFAIL. with the Response Code set to SERVFAIL.
If a server is incapable of sending a DNS response due to an internal If a server is incapable of sending a DNS response due to an internal
error, it SHOULD issue a QUIC RESET_STREAM frame. The error code error, it SHOULD issue a QUIC RESET_STREAM frame. The error code
SHOULD be set to DOQ_INTERNAL_ERROR. The corresponding DNS SHOULD be set to DOQ_INTERNAL_ERROR. The corresponding DNS
transaction MUST be abandoned. Clients MAY limit the number of transaction MUST be abandoned. Clients MAY limit the number of
unsolicited QUIC Stream Resets received on a connection before unsolicited QUIC RESET_STREAM frames received on a connection before
choosing to close the connection. choosing to close the connection.
Note that this mechanism provides a way for primaries to abort a Note that this mechanism provides a way for primaries to abort a
single zone transfer occurring on a given stream without having to single zone transfer occurring on a given stream without having to
close the QUIC connection. close the QUIC connection.
5.3.3. Protocol Errors 4.3.3. Protocol Errors
Other error scenarios can occur due to malformed, incomplete or Other error scenarios can occur due to malformed, incomplete, or
unexpected messages during a transaction. These include (but are not unexpected messages during a transaction. These include (but are not
limited to) limited to):
* a client or server receives a message with a non-zero Message ID * a client or server receives a message with a non-zero Message ID
* a client or server receives a STREAM FIN before receiving all the * a client or server receives a STREAM FIN before receiving all the
bytes for a message indicated in the 2-octet length field bytes for a message indicated in the 2-octet length field
* a client receives a STREAM FIN before receiving all the expected * a client receives a STREAM FIN before receiving all the expected
responses responses
* a server receives more than one query on a stream * a server receives more than one query on a stream
* a client receives a different number of responses on a stream than * a client receives a different number of responses on a stream than
expected (e.g., multiple responses to a query for an A record) expected (e.g., multiple responses to a query for an A record)
* a client receives a STOP_SENDING request * a client receives a STOP_SENDING request
* the client or server does not indicate the expected STREAM FIN * the client or server does not indicate the expected STREAM FIN
after sending requests or responses (see Section 5.2). after sending requests or responses (see Section 4.2)
* an implementation receives a message containing the edns-tcp- * an implementation receives a message containing the edns-tcp-
keepalive EDNS(0) Option [RFC7828] (see Section 6.5.2) keepalive EDNS(0) Option [RFC7828] (see Section 5.5.2)
* a client or a server attempts to open a unidirectional QUIC stream * a client or a server attempts to open a unidirectional QUIC stream
* a server attempts to open a server-initiated bidirectional QUIC * a server attempts to open a server-initiated bidirectional QUIC
stream stream
* receiving a "replayable" transaction in O-RTT data (for servers * a server receives a "replayable" transaction in 0-RTT data (for
not willing to handle this case - see section Section 5.5) servers not willing to handle this case, see Section 4.5)
If a peer encounters such an error condition it is considered a fatal If a peer encounters such an error condition, it is considered a
error. It SHOULD forcibly abort the connection using QUIC's fatal error. It SHOULD forcibly abort the connection using QUIC's
CONNECTION_CLOSE mechanism, and SHOULD use the DoQ error code CONNECTION_CLOSE mechanism and SHOULD use the DoQ error code
DOQ_PROTOCOL_ERROR. In some cases, it MAY instead silently abandon DOQ_PROTOCOL_ERROR. In some cases, it MAY instead silently abandon
the connection, which uses fewer of the local resources but makes the connection, which uses fewer of the local resources but makes
debugging at the offending node more difficult. debugging at the offending node more difficult.
It is noted that the restrictions on use of the above EDNS(0) options It is noted that the restrictions on use of the above EDNS(0) option
has implications for proxying message from TCP/DoT/DoH over DoQ. has implications for proxying messages from TCP/DoT/DoH over DoQ.
5.3.4. Alternative error codes 4.3.4. Alternative Error Codes
This specification suggests specific error codes in Section 5.3.1, This specification describes specific error codes in Sections 4.3.1,
Section 5.3.2, and Section 5.3.3. These error codes are meant to 4.3.2, and 4.3.3. These error codes are meant to facilitate
facilitate investigation of failures and other incidents. New error investigation of failures and other incidents. New error codes may
codes may be defined in future versions of DoQ, or registered as be defined in future versions of DoQ or registered as specified in
specified in Section 10.4. Section 8.4.
Because new error codes can be defined without negotiation, use of an Because new error codes can be defined without negotiation, use of an
error code in an unexpected context or receipt of an unknown error error code in an unexpected context or receipt of an unknown error
code MUST be treated as equivalent to DOQ_UNSPECIFIED_ERROR. code MUST be treated as equivalent to DOQ_UNSPECIFIED_ERROR.
Implementations MAY wish to test the support for the error code Implementations MAY wish to test the support for the error code
extension mechanism by using error codes not listed in this document, extension mechanism by using error codes not listed in this document,
or they MAY use DOQ_ERROR_RESERVED. or they MAY use DOQ_ERROR_RESERVED.
5.4. Connection Management 4.4. Connection Management
Section 10 of [RFC9000], the QUIC transport specification, specifies Section 10 of [RFC9000], the QUIC transport specification, specifies
that connections can be closed in three ways: that connections can be closed in three ways:
* idle timeout * idle timeout
* immediate close * immediate close
* stateless reset * stateless reset
Clients and servers implementing DoQ SHOULD negotiate use of the idle Clients and servers implementing DoQ SHOULD negotiate use of the idle
timeout. Closing on idle timeout is done without any packet timeout. Closing on idle timeout is done without any packet
exchange, which minimizes protocol overhead. Per Section 10.1 of exchange, which minimizes protocol overhead. Per Section 10.1 of
[RFC9000], the QUIC transport specification, the effective value of [RFC9000], the QUIC transport specification, the effective value of
the idle timeout is computed as the minimum of the values advertised the idle timeout is computed as the minimum of the values advertised
by the two endpoints. Practical considerations on setting the idle by the two endpoints. Practical considerations on setting the idle
timeout are discussed in Section 6.5.2. timeout are discussed in Section 5.5.2.
Clients SHOULD monitor the idle time incurred on their connection to Clients SHOULD monitor the idle time incurred on their connection to
the server, defined by the time spent since the last packet from the the server, defined by the time spent since the last packet from the
server has been received. When a client prepares to send a new DNS server has been received. When a client prepares to send a new DNS
query to the server, it SHOULD check whether the idle time is query to the server, it SHOULD check whether the idle time is
sufficiently lower than the idle timer. If it is, the client SHOULD sufficiently lower than the idle timer. If it is, the client SHOULD
send the DNS query over the existing connection. If not, the client send the DNS query over the existing connection. If not, the client
SHOULD establish a new connection and send the query over that SHOULD establish a new connection and send the query over that
connection. connection.
Clients MAY discard their connections to the server before the idle Clients MAY discard their connections to the server before the idle
timeout expires. A client that has outstanding queries SHOULD close timeout expires. A client that has outstanding queries SHOULD close
the connection explicitly using QUIC's CONNECTION_CLOSE mechanism and the connection explicitly using QUIC's CONNECTION_CLOSE mechanism and
the DoQ error code DOQ_NO_ERROR. the DoQ error code DOQ_NO_ERROR.
Clients and servers MAY close the connection for a variety of other Clients and servers MAY close the connection for a variety of other
reasons, indicated using QUIC's CONNECTION_CLOSE. Client and servers reasons, indicated using QUIC's CONNECTION_CLOSE. Client and servers
that send packets over a connection discarded by their peer might that send packets over a connection discarded by their peer might
receive a stateless reset indication. If a connection fails, all the receive a stateless reset indication. If a connection fails, all the
in progress transaction on that connection MUST be abandoned. in-progress transactions on that connection MUST be abandoned.
5.5. Session Resumption and 0-RTT 4.5. Session Resumption and 0-RTT
A client MAY take advantage of the session resumption and 0-RTT A client MAY take advantage of the session resumption and 0-RTT
mechanisms supported by QUIC transport [RFC9000] and QUIC TLS mechanisms supported by QUIC transport [RFC9000] and QUIC TLS
[RFC9001], if the server supports them. Clients SHOULD consider [RFC9001] if the server supports them. Clients SHOULD consider
potential privacy issues associated with session resumption before potential privacy issues associated with session resumption before
deciding to use this mechanism and specifically evaluate the trade- deciding to use this mechanism and specifically evaluate the trade-
offs presented in the various sections of this document. The privacy offs presented in the various sections of this document. The privacy
issues are detailed in Section 9.1 and Section 9.2, and the issues are detailed in Sections 7.1 and 7.2, and the implementation
implementation considerations are discussed in Section 6.5.3. considerations are discussed in Section 5.5.3.
The 0-RTT mechanism MUST NOT be used to send DNS requests that are The 0-RTT mechanism MUST NOT be used to send DNS requests that are
not "replayable" transactions. In this specification, only not "replayable" transactions. In this specification, only
transactions that have an OPCODE of QUERY or NOTIFY are considered transactions that have an OPCODE of QUERY or NOTIFY are considered
replayable and therefore other OPCODES MUST NOT be sent in 0-RTT replayable; therefore, other OPCODES MUST NOT be sent in 0-RTT data.
data. See Appendix A for a detailed discussion of why NOTIFY is See Appendix A for a detailed discussion of why NOTIFY is included
included here. here.
Servers MAY support session resumption, and MAY do that with or Servers MAY support session resumption, and MAY do that with or
without supporting 0-RTT, using the mechanisms described in without supporting 0-RTT, using the mechanisms described in
Section 4.6.1 of [RFC9001]. Servers supporting 0-RTT MUST NOT Section 4.6.1 of [RFC9001]. Servers supporting 0-RTT MUST NOT
immediately process non-replayable transactions received in 0-RTT immediately process non-replayable transactions received in 0-RTT
data, but instead MUST adopt one of the following behaviours: data but instead MUST adopt one of the following behaviors:
* Queue the offending transaction and only process it after the QUIC * Queue the offending transaction and only process it after the QUIC
handshake has been completed, as defined in Section 4.1.1 of handshake has been completed, as defined in Section 4.1.1 of
[RFC9001]. [RFC9001].
* Reply to the offending transaction with a response code REFUSED * Reply to the offending transaction with a response code REFUSED
and an Extended DNS Error Code (EDE) "Too Early", using the and an Extended DNS Error Code (EDE) "Too Early" using the
extended RCODE mechanisms defined in [RFC6891] and the extended extended RCODE mechanisms defined in [RFC6891] and the extended
DNS errros defined in [RFC8914]; see Section 10.3. DNS errors defined in [RFC8914]; see Section 8.3.
* Close the connection with the error code DOQ_PROTOCOL_ERROR. * Close the connection with the error code DOQ_PROTOCOL_ERROR.
5.6. Message Sizes 4.6. Message Sizes
DoQ Queries and Responses are sent on QUIC streams, which in theory DoQ queries and responses are sent on QUIC streams, which in theory
can carry up to 2^62 bytes. However, DNS messages are restricted in can carry up to 2^62 bytes. However, DNS messages are restricted in
practice to a maximum size of 65535 bytes. This maximum size is practice to a maximum size of 65535 bytes. This maximum size is
enforced by the use of a two-octet message length field in DNS over enforced by the use of a 2-octet message length field in DNS over TCP
TCP [RFC1035] and DNS over TLS [RFC7858], and by the definition of [RFC1035] and DoT [RFC7858], and by the definition of the
the "application/dns-message" for DNS over HTTP [RFC8484]. DoQ "application/dns-message" for DoH [RFC8484]. DoQ enforces the same
enforces the same restriction. restriction.
The Extension Mechanisms for DNS (EDNS) [RFC6891] allow peers to The Extension Mechanisms for DNS (EDNS(0)) [RFC6891] allow peers to
specify the UDP message size. This parameter is ignored by DoQ. DoQ specify the UDP message size. This parameter is ignored by DoQ. DoQ
implementations always assume that the maximum message size is 65535 implementations always assume that the maximum message size is 65535
bytes. bytes.
6. Implementation Requirements 5. Implementation Requirements
6.1. Authentication 5.1. Authentication
For the stub to recursive resolver scenario, the authentication For the stub to recursive scenario, the authentication requirements
requirements are the same as described in DoT [RFC7858] and "Usage are the same as described in DoT [RFC7858] and "Usage Profiles for
Profiles for DNS over TLS and DNS over DTLS" [RFC8310]. [RFC8932] DNS over TLS and DNS over DTLS" [RFC8310]. [RFC8932] states that DNS
states that DNS privacy services SHOULD provide credentials that privacy services SHOULD provide credentials that clients can use to
clients can use to authenticate the server. Given this, and to align authenticate the server. Given this, and to align with the
with the authentication model for DoH, DoQ stubs SHOULD use a Strict authentication model for DoH, DoQ stubs SHOULD use a Strict usage
authentication profile. Client authentication for the encrypted stub profile. Client authentication for the encrypted stub to recursive
to recursive scenario is not described in any DNS RFC. scenario is not described in any DNS RFC.
For zone transfer, the authentication requirements are the same as For zone transfer, the authentication requirements are the same as
described in [RFC9103]. described in [RFC9103].
For the recursive resolver to authoritative nameserver scenario, For the recursive to authoritative scenario, authentication
authentication requirements are unspecified at the time of writing requirements are unspecified at the time of writing and are the
and are the subject on ongoing work in the DPRIVE WG. subject of ongoing work in the DPRIVE WG.
6.2. Fallback to Other Protocols on Connection Failure 5.2. Fallback to Other Protocols on Connection Failure
If the establishment of the DoQ connection fails, clients MAY attempt If the establishment of the DoQ connection fails, clients MAY attempt
to fall back to DoT and then potentially clear text, as specified in to fall back to DoT and then potentially cleartext, as specified in
DoT [RFC7858] and "Usage Profiles for DNS over TLS and DNS over DTLS" DoT [RFC7858] and "Usage Profiles for DNS over TLS and DNS over DTLS"
[RFC8310], depending on their privacy profile. [RFC8310], depending on their usage profile.
DNS clients SHOULD remember server IP addresses that don't support DNS clients SHOULD remember server IP addresses that don't support
DoQ. Mobile clients might also remember the lack of DoQ support by DoQ. Mobile clients might also remember the lack of DoQ support by
given IP addresses on a per-context basis (e.g.per network or given IP addresses on a per-context basis (e.g., per network or
provisioning domain). provisioning domain).
Timeouts, connection refusals, and QUIC handshake failures are Timeouts, connection refusals, and QUIC handshake failures are
indicators that a server does not support DoQ. Clients SHOULD NOT indicators that a server does not support DoQ. Clients SHOULD NOT
attempt DoQ queries to a server that does not support DoQ for a attempt DoQ queries to a server that does not support DoQ for a
reasonable period (such as one hour per server). DNS clients reasonable period (such as one hour per server). DNS clients
following an out-of-band key-pinned privacy profile ([RFC7858]) MAY following an out-of-band key-pinned usage profile [RFC7858] MAY be
be more aggressive about retrying after DoQ connection failures. more aggressive about retrying after DoQ connection failures.
6.3. Address Validation 5.3. Address Validation
Section 8 of [RFC9000], the QUIC transport specification, defines Section 8 of [RFC9000], the QUIC transport specification, defines
Address Validation procedures to avoid servers being used in address Address Validation procedures to avoid servers being used in address
amplification attacks. DoQ implementations MUST conform to this amplification attacks. DoQ implementations MUST conform to this
specification, which limits the worst case amplification to a factor specification, which limits the worst-case amplification to a factor
3. 3.
DoQ implementations SHOULD consider configuring servers to use the DoQ implementations SHOULD consider configuring servers to use the
Address Validation using Retry Packets procedure defined in Address Validation using Retry Packets procedure defined in
Section 8.1.2 of [RFC9000], the QUIC transport specification. This Section 8.1.2 of [RFC9000], the QUIC transport specification. This
procedure imposes a 1-RTT delay for verifying the return routability procedure imposes a 1-RTT delay for verifying the return routability
of the source address of a client, similar to the DNS Cookies of the source address of a client, similar to the DNS Cookies
mechanism [RFC7873]. mechanism [RFC7873].
DoQ implementations that configure Address Validation using Retry DoQ implementations that configure Address Validation using Retry
Packets SHOULD implement the Address Validation for Future Packets SHOULD implement the Address Validation for Future
Connections procedure defined in Section 8.1.3 of [RFC9000], the QUIC Connections procedure defined in Section 8.1.3 of [RFC9000], the QUIC
transport specification. This defines how servers can send NEW_TOKEN transport specification. This defines how servers can send NEW_TOKEN
frames to clients after the client address is validated, in order to frames to clients after the client address is validated in order to
avoid the 1-RTT penalty during subsequent connections by the client avoid the 1-RTT penalty during subsequent connections by the client
from the same address. from the same address.
6.4. Padding 5.4. Padding
Implementations MUST protect against the traffic analysis attacks Implementations MUST protect against the traffic analysis attacks
described in Section 9.5 by the judicious injection of padding. This described in Section 7.5 by the judicious injection of padding. This
could be done either by padding individual DNS messages using the could be done either by padding individual DNS messages using the
EDNS(0) Padding Option [RFC7830] or by padding QUIC packets (see EDNS(0) Padding Option [RFC7830] or by padding QUIC packets (see
Section 19.1 of [RFC9000]. Section 19.1 of [RFC9000]).
In theory, padding at the QUIC packet level could result in better In theory, padding at the QUIC packet level could result in better
performance for the equivalent protection, because the amount of performance for the equivalent protection, because the amount of
padding can take into account non-DNS frames such as acknowledgements padding can take into account non-DNS frames such as acknowledgements
or flow control updates, and also because QUIC packets can carry or flow control updates, and also because QUIC packets can carry
multiple DNS messages. However, applications can only control the multiple DNS messages. However, applications can only control the
amount of padding in QUIC packets if the implementation of QUIC amount of padding in QUIC packets if the implementation of QUIC
exposes adequate APIs. This leads to the following recommendation: exposes adequate APIs. This leads to the following recommendations:
* if the implementation of QUIC exposes APIs to set a padding * If the implementation of QUIC exposes APIs to set a padding
policy, DNS over QUIC SHOULD use that API to align the packet policy, DoQ SHOULD use that API to align the packet length to a
length to a small set of fixed sizes. small set of fixed sizes.
* if padding at the QUIC packet level is not available or not used, * If padding at the QUIC packet level is not available or not used,
DNS over QUIC MUST ensure that all DNS queries and responses are DoQ MUST ensure that all DNS queries and responses are padded to a
padded to a small set of fixed sizes, using the EDNS(0) padding small set of fixed sizes, using the EDNS(0) padding extension as
extension as specified in [RFC7830]. specified in [RFC7830].
Implementation might choose not to use a QUIC API for padding if it Implementations might choose not to use a QUIC API for padding if it
is significantly simpler to re-use existing DNS message padding logic is significantly simpler to reuse existing DNS message padding logic
which is applied to other encrypted transports. that is applied to other encrypted transports.
In the absence of a standard policy for padding sizes, In the absence of a standard policy for padding sizes,
implementations SHOULD follow the recommendations of the Experimental implementations SHOULD follow the recommendations of the Experimental
status "Padding Policies for Extension Mechanisms for DNS (EDNS(0))" status "Padding Policies for Extension Mechanisms for DNS (EDNS(0))"
[RFC8467]. While Experimental, these recommendations are referenced [RFC8467]. While Experimental, these recommendations are referenced
because they are implemented and deployed for DoT, and provide a way because they are implemented and deployed for DoT and provide a way
for implementations to be fully compliant with this specification. for implementations to be fully compliant with this specification.
6.5. Connection Handling 5.5. Connection Handling
"DNS Transport over TCP - Implementation Requirements" [RFC7766] "DNS Transport over TCP - Implementation Requirements" [RFC7766]
provides updated guidance on DNS over TCP, some of which is provides updated guidance on DNS over TCP, some of which is
applicable to DoQ. This section provides similar advice on applicable to DoQ. This section provides similar advice on
connection handling for DoQ. connection handling for DoQ.
6.5.1. Connection Reuse 5.5.1. Connection Reuse
Historic implementations of DNS clients are known to open and close Historic implementations of DNS clients are known to open and close
TCP connections for each DNS query. To amortize connection setup TCP connections for each DNS query. To amortize connection setup
costs, both clients and servers SHOULD support connection reuse by costs, both clients and servers SHOULD support connection reuse by
sending multiple queries and responses over a single persistent QUIC sending multiple queries and responses over a single persistent QUIC
connection. connection.
In order to achieve performance on par with UDP, DNS clients SHOULD In order to achieve performance on par with UDP, DNS clients SHOULD
send their queries concurrently over the QUIC streams on a QUIC send their queries concurrently over the QUIC streams on a QUIC
connection. That is, when a DNS client sends multiple queries to a connection. That is, when a DNS client sends multiple queries to a
server over a QUIC connection, it SHOULD NOT wait for an outstanding server over a QUIC connection, it SHOULD NOT wait for an outstanding
reply before sending the next query. reply before sending the next query.
6.5.2. Resource Management 5.5.2. Resource Management
Proper management of established and idle connections is important to Proper management of established and idle connections is important to
the healthy operation of a DNS server. the healthy operation of a DNS server.
An implementation of DoQ SHOULD follow best practices similar to An implementation of DoQ SHOULD follow best practices similar to
those specified for DNS over TCP [RFC7766], in particular with regard those specified for DNS over TCP [RFC7766], in particular with regard
to: to:
* Concurrent Connections (Section 6.2.2 of [RFC7766], updated by * Concurrent Connections (Section 6.2.2 of [RFC7766], updated by
Section 6.4 of [RFC9103]) Section 6.4 of [RFC9103])
skipping to change at page 18, line 5 skipping to change at line 766
the edns-tcp-keepalive EDNS(0) Option [RFC7828] in any messages sent the edns-tcp-keepalive EDNS(0) Option [RFC7828] in any messages sent
on a DoQ connection (because it is specific to the use of TCP/TLS as on a DoQ connection (because it is specific to the use of TCP/TLS as
a transport). a transport).
This document does not make specific recommendations for timeout This document does not make specific recommendations for timeout
values on idle connections. Clients and servers should reuse and/or values on idle connections. Clients and servers should reuse and/or
close connections depending on the level of available resources. close connections depending on the level of available resources.
Timeouts may be longer during periods of low activity and shorter Timeouts may be longer during periods of low activity and shorter
during periods of high activity. during periods of high activity.
6.5.3. Using 0-RTT and Session Resumption 5.5.3. Using 0-RTT and Session Resumption
Using 0-RTT for DNS over QUIC has many compelling advantages. Using 0-RTT for DoQ has many compelling advantages. Clients can
Clients can establish connections and send queries without incurring establish connections and send queries without incurring a connection
a connection delay. Servers can thus negotiate low values of the delay. Servers can thus negotiate low values of the connection
connection timers, which reduces the total number of connections that timers, which reduces the total number of connections that they need
they need to manage. They can do that because the clients that use to manage. They can do that because the clients that use 0-RTT will
0-RTT will not incur latency penalties if new connections are not incur latency penalties if new connections are required for a
required for a query. query.
Session resumption and 0-RTT data transmission create privacy risks Session resumption and 0-RTT data transmission create privacy risks
detailed in Section 9.2 and Section 9.1. The following detailed in Sections 7.1 and 7.2. The following recommendations are
recommendations are meant to reduce the privacy risks while enjoying meant to reduce the privacy risks while enjoying the performance
the performance benefits of 0-RTT data, subject to the restrictions benefits of 0-RTT data, subject to the restrictions specified in
specified in Section 5.5. Section 4.5.
Clients SHOULD use resumption tickets only once, as specified in Clients SHOULD use resumption tickets only once, as specified in
Appendix C.4 to [RFC8446]. By default, clients SHOULD NOT use Appendix C.4 of [RFC8446]. By default, clients SHOULD NOT use
session resumption if the client's connectivity has changed. session resumption if the client's connectivity has changed.
Clients could receive address validation tokens from the server using Clients could receive address validation tokens from the server using
the NEW_TOKEN mechanism; see Section 8 of [RFC9000]. The associated the NEW_TOKEN mechanism; see Section 8 of [RFC9000]. The associated
tracking risks are mentioned in Section 9.3. Clients SHOULD only use tracking risks are mentioned in Section 7.3. Clients SHOULD only use
the address validation tokens when they are also using session the address validation tokens when they are also using session
resumption, thus avoiding additional tracking risks. resumption thus avoiding additional tracking risks.
Servers SHOULD issue session resumption tickets with a sufficiently Servers SHOULD issue session resumption tickets with a sufficiently
long lifetime (e.g., 6 hours), so that clients are not tempted to long lifetime (e.g., 6 hours), so that clients are not tempted to
either keep connection alive or frequently poll the server to renew either keep the connection alive or frequently poll the server to
session resumption tickets. Servers SHOULD implement the anti-replay renew session resumption tickets. Servers SHOULD implement the anti-
mechanisms specified in Section 8 of [RFC8446]. replay mechanisms specified in Section 8 of [RFC8446].
6.5.4. Controlling Connection Migration For Privacy 5.5.4. Controlling Connection Migration for Privacy
DoQ implementations might consider using the connection migration DoQ implementations might consider using the connection migration
features defined in Section 9 of [RFC9000]. These features enable features defined in Section 9 of [RFC9000]. These features enable
connections to continue operating as the client's connectivity connections to continue operating as the client's connectivity
changes. As detailed in Section 9.4, these features trade off changes. As detailed in Section 7.4, these features trade off
privacy for latency. By default, clients SHOULD be configured to privacy for latency. By default, clients SHOULD be configured to
prioritize privacy and start new sessions if their connectivity prioritize privacy and start new sessions if their connectivity
changes. changes.
6.6. Processing Queries in Parallel 5.6. Processing Queries in Parallel
As specified in Section 7 of [RFC7766] "DNS Transport over TCP - As specified in Section 7 of [RFC7766] "DNS Transport over TCP -
Implementation Requirements", resolvers are RECOMMENDED to support Implementation Requirements", resolvers are RECOMMENDED to support
the preparing of responses in parallel and sending them out of order. the preparing of responses in parallel and sending them out of order.
In DoQ, they do that by sending responses on their specific stream as In DoQ, they do that by sending responses on their specific stream as
soon as possible, without waiting for availability of responses for soon as possible, without waiting for availability of responses for
previously opened streams. previously opened streams.
6.7. Zone transfer 5.7. Zone Transfer
[RFC9103] specifies zone transfer over TLS (XoT) and includes updates [RFC9103] specifies zone transfer over TLS (XoT) and includes updates
to [RFC1995] (IXFR), [RFC5936] (AXFR) and [RFC7766]. Considerations to [RFC1995] (IXFR), [RFC5936] (AXFR), and [RFC7766]. Considerations
relating to the re-use of XoT connections described there apply relating to the reuse of XoT connections described there apply
analogously to zone transfers performed using DoQ connections. One analogously to zone transfers performed using DoQ connections. One
reason for re-iterating such specific guidance is the lack of reason for reiterating such specific guidance is the lack of
effective connection re-use in existing TCP/TLS zone transfer effective connection reuse in existing TCP/TLS zone transfer
implementations today. The following recommendations apply: implementations today. The following recommendations apply:
* DoQ servers MUST be able to handle multiple concurrent IXFR * DoQ servers MUST be able to handle multiple concurrent IXFR
requests on a single QUIC connection requests on a single QUIC connection.
* DoQ servers MUST be able to handle multiple concurrent AXFR * DoQ servers MUST be able to handle multiple concurrent AXFR
requests on a single QUIC connection requests on a single QUIC connection.
* DoQ implementations SHOULD * DoQ implementations SHOULD
- use the same QUIC connection for both AXFR and IXFR requests to - use the same QUIC connection for both AXFR and IXFR requests to
the same primary the same primary
- send those requests in parallel as soon as they are queued i.e. - send those requests in parallel as soon as they are queued,
do not wait for a response before sending the next query on the i.e., do not wait for a response before sending the next query
connection (this is analogous to pipelining requests on a TCP/ on the connection (this is analogous to pipelining requests on
TLS connection) a TCP/TLS connection)
- send the response(s) for each request as soon as they are - send the response(s) for each request as soon as they are
available i.e. response streams MAY be sent intermingled available, i.e., response streams MAY be sent intermingled
6.8. Flow Control Mechanisms 5.8. Flow Control Mechanisms
Servers and Clients manage flow control using the mechanisms defined Servers and clients manage flow control using the mechanisms defined
in Section 4 of [RFC9000]. These mechanisms allow clients and in Section 4 of [RFC9000]. These mechanisms allow clients and
servers to specify how many streams can be created, how much data can servers to specify how many streams can be created, how much data can
be sent on a stream, and how much data can be sent on the union of be sent on a stream, and how much data can be sent on the union of
all streams. For DNS over QUIC, controlling how many streams are all streams. For DoQ, controlling how many streams are created
created allows servers to control how many new requests the client allows servers to control how many new requests the client can send
can send on a given connection. on a given connection.
Flow control exists to protect endpoint resources. For servers, Flow control exists to protect endpoint resources. For servers,
global and per-stream flow control limits control how much data can global and per-stream flow control limits control how much data can
be sent by clients. The same mechanisms allow clients to control how be sent by clients. The same mechanisms allow clients to control how
much data can be sent by servers. Values that are too small will much data can be sent by servers. Values that are too small will
unnecessarily limit performance. Values that are too large might unnecessarily limit performance. Values that are too large might
expose endpoints to overload or memory exhaustion. Implementations expose endpoints to overload or memory exhaustion. Implementations
or deployments will need to adjust flow control limits to balance or deployments will need to adjust flow control limits to balance
these concerns. In particular, zone transfer implementations will these concerns. In particular, zone transfer implementations will
need to control these limits carefully to ensure both large and need to control these limits carefully to ensure both large and
skipping to change at page 20, line 25 skipping to change at line 876
Initial values of parameters control how many requests and how much Initial values of parameters control how many requests and how much
data can be sent by clients and servers at the beginning of the data can be sent by clients and servers at the beginning of the
connection. These values are specified in transport parameters connection. These values are specified in transport parameters
exchanged during the connection handshake. The parameter values exchanged during the connection handshake. The parameter values
received in the initial connection also control how many requests and received in the initial connection also control how many requests and
how much data can be sent by clients using 0-RTT data in a resumed how much data can be sent by clients using 0-RTT data in a resumed
connection. Using too small values of these initial parameters would connection. Using too small values of these initial parameters would
restrict the usefulness of allowing 0-RTT data. restrict the usefulness of allowing 0-RTT data.
7. Implementation Status 6. Security Considerations
(RFC EDITOR NOTE: THIS SECTION TO BE REMOVED BEFORE PUBLICATION) This
section records the status of known implementations of the protocol
defined by this specification at the time of posting of this
Internet-Draft, and is based on a proposal described in [RFC7942].
1. AdGuard launched a DoQ recursive resolver service in December
2020. They have released a suite of open source tools that
support DoQ:
1. AdGuard C++ DNS libraries (https://github.com/AdguardTeam/
DnsLibs) A DNS proxy library that supports all existing DNS
protocols including DNS-over-TLS, DNS-over-HTTPS, DNSCrypt
and DNS-over-QUIC (experimental).
2. DNS Proxy (https://github.com/AdguardTeam/dnsproxy) A simple
DNS proxy server that supports all existing DNS protocols
including DNS-over-TLS, DNS-over-HTTPS, DNSCrypt, and DNS-
over-QUIC. Moreover, it can work as a DNS-over-HTTPS, DNS-
over-TLS or DNS-over-QUIC server.
3. CoreDNS fork for AdGuard DNS (https://github.com/AdguardTeam/
coredns) Includes DNS-over-QUIC server-side support.
4. dnslookup (https://github.com/ameshkov/dnslookup) Simple
command line utility to make DNS lookups. Supports all known
DNS protocols: plain DNS, DoH, DoT, DoQ, DNSCrypt.
2. Quicdoq (https://github.com/private-octopus/quicdoq) Quicdoq is a
simple open source implementation of DoQ. It is written in C,
based on Picoquic (https://github.com/private-octopus/picoquic).
3. Flamethrower (https://github.com/DNS-OARC/flamethrower/tree/dns-
over-quic) is an open source DNS performance and functional
testing utility written in C++ that has an experimental
implementation of DoQ.
4. aioquic (https://github.com/aiortc/aioquic) is an implementation
of QUIC in Python. It includes example client and server for
DoQ.
7.1. Performance Measurements
To the authors' knowledge, no benchmarking studies comparing DoT, DoH
and DoQ are published yet. However, anecdotal evidence from the
AdGuard DoQ recursive resolver deployment
(https://adguard.com/en/blog/dns-over-quic.html) indicates that it
performs similarly (and possibly better) compared to the other
encrypted protocols, particularly in mobile environments. Reasons
given for this include that DoQ
* Uses less bandwidth due to a more efficient handshake (and due to
less per message overhead when compared to DoH).
* Performs better in mobile environments due to the increased
resilience to packet loss
* Can maintain connections as users move between mobile networks via
its connection management
8. Security Considerations
A Threat Analysis of the Domain Name System is found in [RFC3833]. A Threat Analysis of the Domain Name System is found in [RFC3833].
This analysis was written before the development of DoT, DoH and DoQ, This analysis was written before the development of DoT, DoH, and
and probably needs to be updated. DoQ, and probably needs to be updated.
The security considerations of DoQ should be comparable to those of The security considerations of DoQ should be comparable to those of
DoT [RFC7858]. DoT as specified in [RFC7858] only addresses the stub DoT [RFC7858]. DoT as specified in [RFC7858] only addresses the stub
to recursive resolver scenario, but the considerations about person- to recursive scenario, but the considerations about person-in-the-
in-the-middle attacks, middleboxes and caching of data from clear middle attacks, middleboxes, and caching of data from cleartext
text connections also apply for DoQ to the resolver to authoritative connections also apply for DoQ to the resolver to authoritative
server scenario. As stated in Section 6.1 the authentication server scenario. As stated in Section 5.1, the authentication
requirements for securing zone transfer using DoQ are the same as requirements for securing zone transfer using DoQ are the same as
those for zone transfer over DoT, therefore the general security those for zone transfer over DoT; therefore, the general security
considerations are entirely analogous to those described in considerations are entirely analogous to those described in
[RFC9103]. [RFC9103].
DoQ relies on QUIC, which itself relies on TLS 1.3 and thus supports DoQ relies on QUIC, which itself relies on TLS 1.3 and thus supports
by default the protections against downgrade attacks described in by default the protections against downgrade attacks described in
[BCP195]. QUIC specific issues and their mitigations are described [BCP195]. QUIC-specific issues and their mitigations are described
in Section 21 of [RFC9000]. in Section 21 of [RFC9000].
9. Privacy Considerations 7. Privacy Considerations
The general considerations of encrypted transports provided in "DNS The general considerations of encrypted transports provided in "DNS
Privacy Considerations" [RFC9076] apply to DoQ. The specific Privacy Considerations" [RFC9076] apply to DoQ. The specific
considerations provided there do not differ between DoT and DoQ, and considerations provided there do not differ between DoT and DoQ, and
are not discussed further here. Similarly, "Recommendations for DNS they are not discussed further here. Similarly, "Recommendations for
Privacy Service Operators" [RFC8932] (which covers operational, DNS Privacy Service Operators" [RFC8932] (which covers operational,
policy, and security considerations for DNS privacy services) is also policy, and security considerations for DNS privacy services) is also
applicable to DoQ services. applicable to DoQ services.
QUIC incorporates the mechanisms of TLS 1.3 [RFC8446] and this QUIC incorporates the mechanisms of TLS 1.3 [RFC8446], and this
enables QUIC transmission of "0-RTT" data. This can provide enables QUIC transmission of "0-RTT" data. This can provide
interesting latency gains, but it raises two concerns: interesting latency gains, but it raises two concerns:
1. Adversaries could replay the 0-RTT data and infer its content 1. Adversaries could replay the 0-RTT data and infer its content
from the behavior of the receiving server. from the behavior of the receiving server.
2. The 0-RTT mechanism relies on TLS session resumption, which can 2. The 0-RTT mechanism relies on TLS session resumption, which can
provide linkability between successive client sessions. provide linkability between successive client sessions.
These issues are developed in Section 9.1 and Section 9.2. These issues are developed in Sections 7.1 and 7.2.
9.1. Privacy Issues With 0-RTT data 7.1. Privacy Issues with 0-RTT data
The 0-RTT data can be replayed by adversaries. That data may trigger The 0-RTT data can be replayed by adversaries. That data may trigger
queries by a recursive resolver to authoritative resolvers. queries by a recursive resolver to authoritative resolvers.
Adversaries may be able to pick a time at which the recursive Adversaries may be able to pick a time at which the recursive
resolver outgoing traffic is observable, and thus find out what name resolver outgoing traffic is observable and thus find out what name
was queried for in the 0-RTT data. was queried for in the 0-RTT data.
This risk is in fact a subset of the general problem of observing the This risk is in fact a subset of the general problem of observing the
behavior of the recursive resolver discussed in "DNS Privacy behavior of the recursive resolver discussed in "DNS Privacy
Considerations" [RFC9076]. The attack is partially mitigated by Considerations" [RFC9076]. The attack is partially mitigated by
reducing the observability of this traffic. The mandatory replay reducing the observability of this traffic. The mandatory replay
protection mechanisms in TLS 1.3 [RFC8446] limit but do not eliminate protection mechanisms in TLS 1.3 [RFC8446] limit but do not eliminate
the risk of replay. 0-RTT packets can only be replayed within a the risk of replay. 0-RTT packets can only be replayed within a
narrow window, which is only wide enough to account for variations in narrow window, which is only wide enough to account for variations in
clock skew and network transmission. clock skew and network transmission.
The recommendation for TLS 1.3 [RFC8446] is that the capability to The recommendation for TLS 1.3 [RFC8446] is that the capability to
use 0-RTT data should be turned off by default, and only enabled if use 0-RTT data should be turned off by default and only enabled if
the user clearly understands the associated risks. In the case of the user clearly understands the associated risks. In the case of
DoQ, allowing 0-RTT data provides significant performance gains, and DoQ, allowing 0-RTT data provides significant performance gains, and
there is a concern that a recommendation to not use it would simply there is a concern that a recommendation to not use it would simply
be ignored. Instead, a set of practical recommendations is provided be ignored. Instead, a set of practical recommendations is provided
in Section 5.5 and Section 6.5.3. in Sections 4.5 and 5.5.3.
The specifications in Section 5.5 block the most obvious risks of The specifications in Section 4.5 block the most obvious risks of
replay attacks, as they only allows for transactions that will not replay attacks, as they only allow for transactions that will not
change the long-term state of the server. change the long-term state of the server.
The attacks described above apply to the stub resolver to recursive The attacks described above apply to the stub resolver to recursive
resolver scenario, but similar attacks might be envisaged in the resolver scenario, but similar attacks might be envisaged in the
recursive resolver to authoritative resolver scenario, and the same recursive resolver to authoritative resolver scenario, and the same
mitigations apply. mitigations apply.
9.2. Privacy Issues With Session Resumption 7.2. Privacy Issues with Session Resumption
The QUIC session resumption mechanism reduces the cost of re- The QUIC session resumption mechanism reduces the cost of re-
establishing sessions and enables 0-RTT data. There is a linkability establishing sessions and enables 0-RTT data. There is a linkability
issue associated with session resumption, if the same resumption issue associated with session resumption, if the same resumption
token is used several times. Attackers on path between client and token is used several times. Attackers on path between client and
server could observe repeated usage of the token and use that to server could observe repeated usage of the token and use that to
track the client over time or over multiple locations. track the client over time or over multiple locations.
The session resumption mechanism allows servers to correlate the The session resumption mechanism allows servers to correlate the
resumed sessions with the initial sessions, and thus to track the resumed sessions with the initial sessions and thus to track the
client. This creates a virtual long duration session. The series of client. This creates a virtual long duration session. The series of
queries in that session can be used by the server to identify the queries in that session can be used by the server to identify the
client. Servers can most probably do that already if the client client. Servers can most probably do that already if the client
address remains constant, but session resumption tickets also enable address remains constant, but session resumption tickets also enable
tracking after changes of the client's address. tracking after changes of the client's address.
The recommendations in Section 6.5.3 are designed to mitigate these The recommendations in Section 5.5.3 are designed to mitigate these
risks. Using session tickets only once mitigates the risk of risks. Using session tickets only once mitigates the risk of
tracking by third parties. Refusing to resume a session if addresses tracking by third parties. Refusing to resume a session if addresses
change mitigates the incremental risk of tracking by the server (but change mitigates the incremental risk of tracking by the server (but
the risk of tracking by IP address remains). the risk of tracking by IP address remains).
The privacy trade-offs here may be context specific. Stub resolvers The privacy trade-offs here may be context specific. Stub resolvers
will have a strong motivation to prefer privacy over latency since will have a strong motivation to prefer privacy over latency since
they often change location. However, recursive resolvers that use a they often change location. However, recursive resolvers that use a
small set of static IP addresses are more likely to prefer the small set of static IP addresses are more likely to prefer the
reduced latency provided by session resumption and may consider this reduced latency provided by session resumption and may consider this
a valid reason to use resumption tickets even if the IP address a valid reason to use resumption tickets even if the IP address
changed between sessions. changed between sessions.
Encrypted zone transfer (RFC9103) explicitly does not attempt to hide Encrypted zone transfer ([RFC9103]) explicitly does not attempt to
the identity of the parties involved in the transfer, but at the same hide the identity of the parties involved in the transfer; at the
time such transfers are not particularly latency sensitive. This same time, such transfers are not particularly latency sensitive.
means that applications supporting zone transfers may decide to apply This means that applications supporting zone transfers may decide to
the same protections as stub to recursive applications. apply the same protections as stub to recursive applications.
9.3. Privacy Issues With Address Validation Tokens 7.3. Privacy Issues with Address Validation Tokens
QUIC specifies address validation mechanisms in Section 8 of QUIC specifies address validation mechanisms in Section 8 of
[RFC9000]. Use of an address validation token allows QUIC servers to [RFC9000]. Use of an address validation token allows QUIC servers to
avoid an extra RTT for new connections. Address validation tokens avoid an extra RTT for new connections. Address validation tokens
are typically tied to an IP address. QUIC clients normally only use are typically tied to an IP address. QUIC clients normally only use
these tokens when setting up a new connection from a previously used these tokens when setting up a new connection from a previously used
address. However, clients are not always aware that they are using a address. However, clients are not always aware that they are using a
new address. This could be due to NAT, or because the client does new address. This could be due to NAT, or because the client does
not have an API available to check if the IP address has changed not have an API available to check if the IP address has changed
(which can be quite often for IPv6). There is a linkability risk if (which can be quite often for IPv6). There is a linkability risk if
clients mistakenly use address validation tokens after unknowingly clients mistakenly use address validation tokens after unknowingly
moving to a new location. moving to a new location.
The recommendations in Section 6.5.3 mitigates this risk by tying the The recommendations in Section 5.5.3 mitigates this risk by tying the
usage of the NEW_TOKEN to that of session resumption, though this usage of the NEW_TOKEN to that of session resumption, though this
recommendation does not cover the case where the client is unaware of recommendation does not cover the case where the client is unaware of
the address change. the address change.
9.4. Privacy Issues With Long Duration Sessions 7.4. Privacy Issues with Long Duration Sessions
A potential alternative to session resumption is the use of long A potential alternative to session resumption is the use of long
duration sessions: if a session remains open for a long time, new duration sessions: if a session remains open for a long time, new
queries can be sent without incurring connection establishment queries can be sent without incurring connection establishment
delays. It is worth pointing out that the two solutions have similar delays. It is worth pointing out that the two solutions have similar
privacy characteristics. Session resumption may allow servers to privacy characteristics. Session resumption may allow servers to
keep track of the IP addresses of clients, but long duration sessions keep track of the IP addresses of clients, but long duration sessions
have the same effect. have the same effect.
In particular, a DoQ implementation might take advantage of the In particular, a DoQ implementation might take advantage of the
connection migration features of QUIC to maintain a session even if connection migration features of QUIC to maintain a session even if
the client's connectivity changes, for example if the client migrates the client's connectivity changes, for example, if the client
from a Wi-Fi connection to a cellular network connection, and then to migrates from a Wi-Fi connection to a cellular network connection and
another Wi-Fi connection. The server would be able to track the then to another Wi-Fi connection. The server would be able to track
client location by monitoring the succession of IP addresses used by the client location by monitoring the succession of IP addresses used
the long duration connection. by the long duration connection.
The recommendation in Section 6.5.4 mitigates the privacy concerns The recommendation in Section 5.5.4 mitigates the privacy concerns
related to long duration sessions using multiple client addresses. related to long duration sessions using multiple client addresses.
9.5. Traffic Analysis 7.5. Traffic Analysis
Even though QUIC packets are encrypted, adversaries can gain Even though QUIC packets are encrypted, adversaries can gain
information from observing packet lengths, in both queries and information from observing packet lengths, in both queries and
responses, as well as packet timing. Many DNS requests are emitted responses, as well as packet timing. Many DNS requests are emitted
by web browsers. Loading a specific web page may require resolving by web browsers. Loading a specific web page may require resolving
dozens of DNS names. If an application adopts a simple mapping of dozens of DNS names. If an application adopts a simple mapping of
one query or response per packet, or "one QUIC STREAM frame per one query or response per packet, or "one QUIC STREAM frame per
packet", then the succession of packet lengths may provide enough packet", then the succession of packet lengths may provide enough
information to identify the requested site. information to identify the requested site.
Implementations SHOULD use the mechanisms defined in Section 6.4 to Implementations SHOULD use the mechanisms defined in Section 5.4 to
mitigate this attack. mitigate this attack.
10. IANA Considerations 8. IANA Considerations
10.1. Registration of DoQ Identification String 8.1. Registration of a DoQ Identification String
This document creates a new registration for the identification of This document creates a new registration for the identification of
DoQ in the "Application Layer Protocol Negotiation (ALPN) Protocol DoQ in the "TLS Application-Layer Protocol Negotiation (ALPN)
IDs" registry [RFC7301]. Protocol IDs" registry [RFC7301].
The "doq" string identifies DoQ: The "doq" string identifies DoQ:
Protocol: DoQ Protocol: DoQ
Identification Sequence: 0x64 0x6F 0x71 ("doq") Identification Sequence: 0x64 0x6F 0x71 ("doq")
Specification: This document Specification: This document
10.2. Reservation of Dedicated Port 8.2. Reservation of a Dedicated Port
For both TCP and UDP port 853 is currently reserved for 'DNS query- For both TCP and UDP, port 853 is currently reserved for "DNS query-
response protocol run over TLS/DTLS' [RFC7858]. response protocol run over TLS/DTLS" [RFC7858].
However, the specification for DNS over DTLS (DoD) [RFC8094] is However, the specification for DNS over DTLS (DoD) [RFC8094] is
experimental, limited to stub to resolver, and no implementations or experimental, limited to stub to resolver, and no implementations or
deployments currently exist to the authors' knowledge (even though deployments currently exist to the authors' knowledge (even though
several years have passed since the specification was published). several years have passed since the specification was published).
This specification proposes to additionally reserve the use of UDP This specification additionally reserves the use of UDP port 853 for
port 853 for DoQ. QUIC version 1 was designed to be able to co-exist DoQ. QUIC version 1 was designed to be able to coexist with other
with other protocols on the same port, including DTLS , see protocols on the same port, including DTLS; see Section 17.2 of
Section 17.2 of [RFC9000]. This means that deployments that serve [RFC9000]. This means that deployments that serve DoD and DoQ (QUIC
DNS over DTLS and DNS over QUIC (QUIC version 1) on the same port version 1) on the same port will be able to demultiplex the two due
will be able to demultiplex the two due to the second most to the second most significant bit in each UDP payload. Such
significant bit in each UDP payload. Such deployments ought to check deployments ought to check the signatures of future versions or
the signatures of future versions or extensions (e.g., extensions (e.g., [GREASING-QUIC]) of QUIC and DTLS before deploying
[I-D.ietf-quic-bit-grease]) of QUIC and DTLS before deploying them to them to serve DNS on the same port.
serve DNS on the same port.
IANA is requested to update the following value in the "Service Name IANA has updated the following value in the "Service Name and
and Transport Protocol Port Number Registry" in the System Range. Transport Protocol Port Number Registry" in the System range. The
The registry for that range requires IETF Review or IESG Approval registry for that range requires IETF Review or IESG Approval
[RFC6335]. [RFC6335].
Service Name: domain-s Service Name: domain-s
Port Number: 853 Port Number: 853
Transport Protocol(s): UDP Transport Protocol(s): UDP
Assignee: IESG Assignee: IESG
Contact: IETF Chair Contact: IETF Chair
Description: DNS query-response protocol run over DTLS or QUIC Description: DNS query-response protocol run over DTLS or QUIC
Reference: [RFC7858][RFC8094] This document Reference: [RFC7858][RFC8094] This document
Additionally, IANA is requested to update the Description field for Additionally, IANA has updated the Description field for the
the corresponding TCP port 853 allocation to be 'DNS query-response corresponding TCP port 853 allocation to be "DNS query-response
protocol run over TLS' and to remove [RFC8094] from the TCP protocol run over TLS" and removed [RFC8094] from the TCP
allocation's Reference field for consistency and clarity. allocation's Reference field for consistency and clarity.
(UPDATE ON IANA REQUEST: THIS SENTENCE TO BE REMOVED BEFORE 8.3. Reservation of an Extended DNS Error Code: Too Early
PUBLICATION) Review by the port experts on 13th December 2021
determined that the proposed updates to the existing port allocation
were acceptable and will be made when this document is approved for
publication.
10.3. Reservation of Extended DNS Error Code Too Early IANA has registered the following value in the "Extended DNS Error
Codes" registry [RFC8914]:
IANA is requested to add the following value to the Extended DNS INFO-CODE: 26
Error Codes registry [RFC8914]:
INFO-CODE: TBD
Purpose: Too Early Purpose: Too Early
Reference: This document Reference: This document
10.4. DNS over QUIC Error Codes Registry 8.4. DNS-over-QUIC Error Codes Registry
IANA [SHALL add/has added] a registry for "DNS over QUIC Error Codes" IANA has added a registry for "DNS-over-QUIC Error Codes" on the
on the "Domain Name System (DNS) Parameters" web page. "Domain Name System (DNS) Parameters" web page.
The "DNS over QUIC Error Codes" registry governs a 62-bit space. The "DNS-over-QUIC Error Codes" registry governs a 62-bit space.
This space is split into three regions that are governed by different This space is split into three regions that are governed by different
policies: policies:
* Permanent registrations for values between 0x00 and 0x3f (in * Permanent registrations for values between 0x00 and 0x3f (in
hexadecimal; inclusive), which are assigned using Standards Action hexadecimal; inclusive), which are assigned using Standards Action
or IESG Approval as defined in Section 4.9 and Section 4.10 of or IESG Approval as defined in Sections 4.9 and 4.10 of [RFC8126]
[RFC8126]
* Permanent registrations for values larger than 0x3f, which are * Permanent registrations for values larger than 0x3f, which are
assigned using the Specification Required policy ([RFC8126]) assigned using the Specification Required policy ([RFC8126])
* Provisional registrations for values larger than 0x3f, which * Provisional registrations for values larger than 0x3f, which
require Expert Review, as defined in Section 4.5 of [RFC8126]. require Expert Review, as defined in Section 4.5 of [RFC8126].
Provisional reservations share the range of values larger than 0x3f Provisional reservations share the range of values larger than 0x3f
with some permanent registrations. This is by design, to enable with some permanent registrations. This is by design to enable
conversion of provisional registrations into permanent registrations conversion of provisional registrations into permanent registrations
without requiring changes in deployed systems. (This design is without requiring changes in deployed systems. (This design is
aligned with the principles set in Section 22 of [RFC9000].) aligned with the principles set in Section 22 of [RFC9000].)
Registrations in this registry MUST include the following fields: Registrations in this registry MUST include the following fields:
Value: The assigned codepoint. Value: The assigned codepoint
Status: "Permanent" or "Provisional". Status: "Permanent" or "Provisional"
Contact: Contact details for the registrant. Contact: Contact details for the registrant
In addition, permanent registrations MUST include: In addition, permanent registrations MUST include:
Error: A short mnemonic for the parameter. Error: A short mnemonic for the parameter
Specification: A reference to a publicly available specification for Specification: A reference to a publicly available specification for
the value (optional for provisional registrations). the value (optional for provisional registrations)
Description: A brief description of the error code semantics, which Description: A brief description of the error code semantics, which
MAY be a summary if a specification reference is provided. MAY be a summary if a specification reference is provided
Provisional registrations of codepoints are intended to allow for Provisional registrations of codepoints are intended to allow for
private use and experimentation with extensions to DNS over QUIC. private use and experimentation with extensions to DoQ. However,
However, provisional registrations could be reclaimed and reassigned provisional registrations could be reclaimed and reassigned for other
for another purpose. In addition to the parameters listed above, purposes. In addition to the parameters listed above, provisional
provisional registrations MUST include: registrations MUST include:
Date: The date of last update to the registration. Date: The date of last update to the registration
A request to update the date on any provisional registration can be A request to update the date on any provisional registration can be
made without review from the designated expert(s). made without review from the designated expert(s).
The initial contents of this registry are shown in Table 1 and all The initial content of this registry is shown in Table 1 and all
entries share the following fields: entries share the following fields:
Status: Permanent Status: Permanent
Contact: DPRIVE WG Contact: DPRIVE WG
Specification: Section 5.3 Specification: Section 4.3
+============+=======================+=============================+ +============+=======================+=============================+
| Value | Error | Description | | Value | Error | Description |
+============+=======================+=============================+ +============+=======================+=============================+
| 0x0 | DOQ_NO_ERROR | No error | | 0x0 | DOQ_NO_ERROR | No error |
+------------+-----------------------+-----------------------------+ +------------+-----------------------+-----------------------------+
| 0x1 | DOQ_INTERNAL_ERROR | Implementation error | | 0x1 | DOQ_INTERNAL_ERROR | Implementation error |
+------------+-----------------------+-----------------------------+ +------------+-----------------------+-----------------------------+
| 0x2 | DOQ_PROTOCOL_ERROR | Generic protocol violation | | 0x2 | DOQ_PROTOCOL_ERROR | Generic protocol violation |
+------------+-----------------------+-----------------------------+ +------------+-----------------------+-----------------------------+
skipping to change at page 28, line 45 skipping to change at line 1199
+------------+-----------------------+-----------------------------+ +------------+-----------------------+-----------------------------+
| 0x4 | DOQ_EXCESSIVE_LOAD | Closing a connection for | | 0x4 | DOQ_EXCESSIVE_LOAD | Closing a connection for |
| | | excessive load | | | | excessive load |
+------------+-----------------------+-----------------------------+ +------------+-----------------------+-----------------------------+
| 0x5 | DOQ_UNSPECIFIED_ERROR | No error reason specified | | 0x5 | DOQ_UNSPECIFIED_ERROR | No error reason specified |
+------------+-----------------------+-----------------------------+ +------------+-----------------------+-----------------------------+
| 0xd098ea5e | DOQ_ERROR_RESERVED | Alternative error code used | | 0xd098ea5e | DOQ_ERROR_RESERVED | Alternative error code used |
| | | for tests | | | | for tests |
+------------+-----------------------+-----------------------------+ +------------+-----------------------+-----------------------------+
Table 1: Initial DNS over QUIC Error Codes Entries Table 1: Initial DNS-over-QUIC Error Codes Entries
11. Acknowledgements
This document liberally borrows text from the HTTP-3 specification
[I-D.ietf-quic-http] edited by Mike Bishop, and from the DoT
specification [RFC7858] authored by Zi Hu, Liang Zhu, John Heidemann,
Allison Mankin, Duane Wessels, and Paul Hoffman.
The privacy issue with 0-RTT data and session resumption were
analyzed by Daniel Kahn Gillmor (DKG) in a message to the IETF
"DPRIVE" working group [DNS0RTT].
Thanks to Tony Finch for an extensive review of the initial version
of this draft, and to Robert Evans for the discussion of 0-RTT
privacy issues. Early reviews by Paul Hoffman and Martin Thomson and
interoperability tests conducted by Stephane Bortzmeyer helped
improve the definition of the protocol.
Thanks also to Martin Thomson and Martin Duke for their later reviews
focussing on the low level QUIC details which helped clarify several
aspects of DoQ. Thanks to Andrey Meshkov, Loganaden Velvindron,
Lucas Pardue, Matt Joras, Mirja Kuelewind, Brian Trammell and Phillip
Hallam-Baker for their reviews and contributions.
12. References 9. References
12.1. Normative References 9.1. Normative References
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987,
<https://www.rfc-editor.org/info/rfc1034>. <https://www.rfc-editor.org/info/rfc1034>.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/info/rfc1035>. November 1987, <https://www.rfc-editor.org/info/rfc1035>.
[RFC1995] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995, [RFC1995] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995,
skipping to change at page 31, line 19 skipping to change at line 1291
[RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure [RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure
QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021, QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021,
<https://www.rfc-editor.org/info/rfc9001>. <https://www.rfc-editor.org/info/rfc9001>.
[RFC9103] Toorop, W., Dickinson, S., Sahib, S., Aras, P., and A. [RFC9103] Toorop, W., Dickinson, S., Sahib, S., Aras, P., and A.
Mankin, "DNS Zone Transfer over TLS", RFC 9103, Mankin, "DNS Zone Transfer over TLS", RFC 9103,
DOI 10.17487/RFC9103, August 2021, DOI 10.17487/RFC9103, August 2021,
<https://www.rfc-editor.org/info/rfc9103>. <https://www.rfc-editor.org/info/rfc9103>.
12.2. Informative References 9.2. Informative References
[BCP195] Sheffer, Y., Holz, R., and P. Saint-Andre, [BCP195] Sheffer, Y., Holz, R., and P. Saint-Andre,
"Recommendations for Secure Use of Transport Layer "Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security Security (TLS) and Datagram Transport Layer Security
(DTLS)", BCP 195, RFC 7525, May 2015. (DTLS)", BCP 195, RFC 7525, May 2015.
Moriarty, K. and S. Farrell, "Deprecating TLS 1.0 and TLS Moriarty, K. and S. Farrell, "Deprecating TLS 1.0 and TLS
1.1", BCP 195, RFC 8996, March 2021. 1.1", BCP 195, RFC 8996, March 2021.
<https://www.rfc-editor.org/info/bcp195> <https://www.rfc-editor.org/info/bcp195>
[DNS-TERMS]
Hoffman, P. and K. Fujiwara, "DNS Terminology", Work in
Progress, Internet-Draft, draft-ietf-dnsop-rfc8499bis-03,
28 September 2021, <https://datatracker.ietf.org/doc/html/
draft-ietf-dnsop-rfc8499bis-03>.
[DNS0RTT] Kahn Gillmor, D., "DNS + 0-RTT", Message to DNS-Privacy WG [DNS0RTT] Kahn Gillmor, D., "DNS + 0-RTT", Message to DNS-Privacy WG
mailing list, 6 April 2016, <https://www.ietf.org/mail- mailing list, 6 April 2016, <https://www.ietf.org/mail-
archive/web/dns-privacy/current/msg01276.html>. archive/web/dns-privacy/current/msg01276.html>.
[I-D.ietf-dnsop-rfc8499bis] [GREASING-QUIC]
Hoffman, P. and K. Fujiwara, "DNS Terminology", Work in
Progress, Internet-Draft, draft-ietf-dnsop-rfc8499bis-03,
28 September 2021, <https://www.ietf.org/archive/id/draft-
ietf-dnsop-rfc8499bis-03.txt>.
[I-D.ietf-quic-bit-grease]
Thomson, M., "Greasing the QUIC Bit", Work in Progress, Thomson, M., "Greasing the QUIC Bit", Work in Progress,
Internet-Draft, draft-ietf-quic-bit-grease-02, 10 November Internet-Draft, draft-ietf-quic-bit-grease-02, 10 November
2021, <https://www.ietf.org/archive/id/draft-ietf-quic- 2021, <https://datatracker.ietf.org/doc/html/draft-ietf-
bit-grease-02.txt>. quic-bit-grease-02>.
[I-D.ietf-quic-http] [HTTP/3] Bishop, M., Ed., "Hypertext Transfer Protocol Version 3
Bishop, M., "Hypertext Transfer Protocol Version 3
(HTTP/3)", Work in Progress, Internet-Draft, draft-ietf- (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf-
quic-http-34, 2 February 2021, quic-http-34, 2 February 2021,
<https://www.ietf.org/archive/id/draft-ietf-quic-http- <https://datatracker.ietf.org/doc/html/draft-ietf-quic-
34.txt>. http-34>.
[RFC1996] Vixie, P., "A Mechanism for Prompt Notification of Zone [RFC1996] Vixie, P., "A Mechanism for Prompt Notification of Zone
Changes (DNS NOTIFY)", RFC 1996, DOI 10.17487/RFC1996, Changes (DNS NOTIFY)", RFC 1996, DOI 10.17487/RFC1996,
August 1996, <https://www.rfc-editor.org/info/rfc1996>. August 1996, <https://www.rfc-editor.org/info/rfc1996>.
[RFC3833] Atkins, D. and R. Austein, "Threat Analysis of the Domain [RFC3833] Atkins, D. and R. Austein, "Threat Analysis of the Domain
Name System (DNS)", RFC 3833, DOI 10.17487/RFC3833, August Name System (DNS)", RFC 3833, DOI 10.17487/RFC3833, August
2004, <https://www.rfc-editor.org/info/rfc3833>. 2004, <https://www.rfc-editor.org/info/rfc3833>.
[RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. [RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S.
skipping to change at page 32, line 29 skipping to change at line 1349
[RFC7828] Wouters, P., Abley, J., Dickinson, S., and R. Bellis, "The [RFC7828] Wouters, P., Abley, J., Dickinson, S., and R. Bellis, "The
edns-tcp-keepalive EDNS0 Option", RFC 7828, edns-tcp-keepalive EDNS0 Option", RFC 7828,
DOI 10.17487/RFC7828, April 2016, DOI 10.17487/RFC7828, April 2016,
<https://www.rfc-editor.org/info/rfc7828>. <https://www.rfc-editor.org/info/rfc7828>.
[RFC7873] Eastlake 3rd, D. and M. Andrews, "Domain Name System (DNS) [RFC7873] Eastlake 3rd, D. and M. Andrews, "Domain Name System (DNS)
Cookies", RFC 7873, DOI 10.17487/RFC7873, May 2016, Cookies", RFC 7873, DOI 10.17487/RFC7873, May 2016,
<https://www.rfc-editor.org/info/rfc7873>. <https://www.rfc-editor.org/info/rfc7873>.
[RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
Code: The Implementation Status Section", BCP 205,
RFC 7942, DOI 10.17487/RFC7942, July 2016,
<https://www.rfc-editor.org/info/rfc7942>.
[RFC8094] Reddy, T., Wing, D., and P. Patil, "DNS over Datagram [RFC8094] Reddy, T., Wing, D., and P. Patil, "DNS over Datagram
Transport Layer Security (DTLS)", RFC 8094, Transport Layer Security (DTLS)", RFC 8094,
DOI 10.17487/RFC8094, February 2017, DOI 10.17487/RFC8094, February 2017,
<https://www.rfc-editor.org/info/rfc8094>. <https://www.rfc-editor.org/info/rfc8094>.
[RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS [RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS
(DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018, (DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018,
<https://www.rfc-editor.org/info/rfc8484>. <https://www.rfc-editor.org/info/rfc8484>.
[RFC8490] Bellis, R., Cheshire, S., Dickinson, J., Dickinson, S., [RFC8490] Bellis, R., Cheshire, S., Dickinson, J., Dickinson, S.,
skipping to change at page 33, line 18 skipping to change at line 1381
[RFC9076] Wicinski, T., Ed., "DNS Privacy Considerations", RFC 9076, [RFC9076] Wicinski, T., Ed., "DNS Privacy Considerations", RFC 9076,
DOI 10.17487/RFC9076, July 2021, DOI 10.17487/RFC9076, July 2021,
<https://www.rfc-editor.org/info/rfc9076>. <https://www.rfc-editor.org/info/rfc9076>.
Appendix A. The NOTIFY Service Appendix A. The NOTIFY Service
This appendix discusses why it is considered acceptable to send This appendix discusses why it is considered acceptable to send
NOTIFY (see [RFC1996]) in 0-RTT data. NOTIFY (see [RFC1996]) in 0-RTT data.
Section 5.5 says "The 0-RTT mechanism SHOULD NOT be used to send DNS Section 4.5 says "The 0-RTT mechanism MUST NOT be used to send DNS
requests that are not "replayable" transactions". This specification requests that are not "replayable" transactions". This specification
supports sending a NOTIFY in 0-RTT data because although a NOTIFY supports sending a NOTIFY in 0-RTT data because although a NOTIFY
technically changes the state of the receiving server, the effect of technically changes the state of the receiving server, the effect of
replaying NOTIFYs has negligible impact in practice. replaying NOTIFYs has negligible impact in practice.
NOTIFY messages prompt a secondary to either send an SOA query or an NOTIFY messages prompt a secondary to either send an SOA query or an
XFR request to the primary on the basis that a newer version of the XFR request to the primary on the basis that a newer version of the
zone is available. It has long been recognized that NOTIFYs can be zone is available. It has long been recognized that NOTIFYs can be
forged and, in theory, used to cause a secondary to send repeated forged and, in theory, used to cause a secondary to send repeated
unnecessary requests to the primary. For this reason, most unnecessary requests to the primary. For this reason, most
implementations have some form of throttling of the SOA/XFR queries implementations have some form of throttling of the SOA/XFR queries
triggered by the receipt of one or more NOTIFYs. triggered by the receipt of one or more NOTIFYs.
[RFC9103] describes the privacy risks associated with both NOTIFY and [RFC9103] describes the privacy risks associated with both NOTIFY and
SOA queries and does not include addressing those risks within the SOA queries and does not include addressing those risks within the
scope of encrypting zone transfers. Given this, the privacy benefit scope of encrypting zone transfers. Given this, the privacy benefit
of using DoQ for NOTIFY is not clear - but for the same reason, of using DoQ for NOTIFY is not clear, but for the same reason,
sending NOTIFY as 0-RTT data has no privacy risk above that of sending NOTIFY as 0-RTT data has no privacy risk above that of
sending it using cleartext DNS. sending it using cleartext DNS.
Appendix B. Notable Changes From Previous Versions Acknowledgements
(RFC EDITOR NOTE: THIS SECTION TO BE REMOVED BEFORE PUBLICATION) This document liberally borrows text from the HTTP/3 specification
[HTTP/3] edited by Mike Bishop and from the DoT specification
[RFC7858] authored by Zi Hu, Liang Zhu, John Heidemann, Allison
Mankin, Duane Wessels, and Paul Hoffman.
B.1. Stream Mapping Incompatibility With Draft-02 The privacy issue with 0-RTT data and session resumption was analyzed
by Daniel Kahn Gillmor (DKG) in a message to the IETF DPRIVE Working
Group [DNS0RTT].
Versions prior to -02 of this specification proposed a simpler Thanks to Tony Finch for an extensive review of the initial draft
mapping scheme of queries and responses to QUIc stream, which omitted version of this document, and to Robert Evans for the discussion of
the 2 byte length field and supported only a single response on a 0-RTT privacy issues. Early reviews by Paul Hoffman and Martin
given stream. The more complex mapping in Section 5.2 was adopted to Thomson and interoperability tests conducted by Stephane Bortzmeyer
specifically cater for XFR support, however, it breaks compatibility helped improve the definition of the protocol.
with earlier versions.
Thanks also to Martin Thomson and Martin Duke for their later reviews
focusing on the low-level QUIC details, which helped clarify several
aspects of DoQ. Thanks to Andrey Meshkov, Loganaden Velvindron,
Lucas Pardue, Matt Joras, Mirja Kuelewind, Brian Trammell, and
Phillip Hallam-Baker for their reviews and contributions.
Authors' Addresses Authors' Addresses
Christian Huitema Christian Huitema
Private Octopus Inc. Private Octopus Inc.
427 Golfcourse Rd 427 Golfcourse Rd
Friday Harbor, WA 98250 Friday Harbor, WA 98250
United States of America United States of America
Email: huitema@huitema.net Email: huitema@huitema.net
 End of changes. 199 change blocks. 
518 lines changed or deleted 406 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/