< draft-ietf-dprive-dnsoquic-03.txt   draft-ietf-dprive-dnsoquic-04.txt >
Network Working Group C. Huitema Network Working Group C. Huitema
Internet-Draft Private Octopus Inc. Internet-Draft Private Octopus Inc.
Intended status: Standards Track S. Dickinson Intended status: Standards Track S. Dickinson
Expires: January 13, 2022 Sinodun IT Expires: 6 March 2022 Sinodun IT
A. Mankin A. Mankin
Salesforce Salesforce
July 12, 2021 2 September 2021
Specification of DNS over Dedicated QUIC Connections Specification of DNS over Dedicated QUIC Connections
draft-ietf-dprive-dnsoquic-03 draft-ietf-dprive-dnsoquic-04
Abstract Abstract
This document describes the use of QUIC to provide transport privacy This document describes the use of QUIC to provide transport privacy
for DNS. The encryption provided by QUIC has similar properties to for DNS. The encryption provided by QUIC has similar properties to
that provided by TLS, while QUIC transport eliminates the head-of- that provided by TLS, while QUIC transport eliminates the head-of-
line blocking issues inherent with TCP and provides more efficient line blocking issues inherent with TCP and provides more efficient
error corrections than UDP. DNS over QUIC (DoQ) has privacy error corrections than UDP. DNS over QUIC (DoQ) has privacy
properties similar to DNS over TLS (DoT) specified in RFC7858, and properties similar to DNS over TLS (DoT) specified in RFC7858, and
latency characteristics similar to classic DNS over UDP. latency characteristics similar to classic DNS over UDP.
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 13, 2022. This Internet-Draft will expire on 6 March 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents (https://trustee.ietf.org/
(https://trustee.ietf.org/license-info) in effect on the date of license-info) in effect on the date of publication of this document.
publication of this document. Please review these documents Please review these documents carefully, as they describe your rights
carefully, as they describe your rights and restrictions with respect and restrictions with respect to this document. Code Components
to this document. Code Components extracted from this document must extracted from this document must include Simplified BSD License text
include Simplified BSD License text as described in Section 4.e of as described in Section 4.e of the Trust Legal Provisions and are
the Trust Legal Provisions and are provided without warranty as provided without warranty as described in the Simplified BSD License.
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Key Words . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Key Words . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Document work via GitHub . . . . . . . . . . . . . . . . . . 4 3. Document work via GitHub . . . . . . . . . . . . . . . . . . 4
4. Design Considerations . . . . . . . . . . . . . . . . . . . . 4 4. Design Considerations . . . . . . . . . . . . . . . . . . . . 4
4.1. Provide DNS Privacy . . . . . . . . . . . . . . . . . . . 4 4.1. Provide DNS Privacy . . . . . . . . . . . . . . . . . . . 5
4.2. Design for Minimum Latency . . . . . . . . . . . . . . . 5 4.2. Design for Minimum Latency . . . . . . . . . . . . . . . 5
4.3. No Specific Middlebox Bypass Mechanism . . . . . . . . . 6 4.3. No Specific Middlebox Bypass Mechanism . . . . . . . . . 6
4.4. No Server Initiated Transactions . . . . . . . . . . . . 6 4.4. No Server Initiated Transactions . . . . . . . . . . . . 6
5. Specifications . . . . . . . . . . . . . . . . . . . . . . . 6 5. Specifications . . . . . . . . . . . . . . . . . . . . . . . 6
5.1. Connection Establishment . . . . . . . . . . . . . . . . 6 5.1. Connection Establishment . . . . . . . . . . . . . . . . 6
5.1.1. Draft Version Identification . . . . . . . . . . . . 6 5.1.1. Draft Version Identification . . . . . . . . . . . . 6
5.1.2. Port Selection . . . . . . . . . . . . . . . . . . . 6 5.1.2. Port Selection . . . . . . . . . . . . . . . . . . . 7
5.2. Stream Mapping and Usage . . . . . . . . . . . . . . . . 7 5.2. Stream Mapping and Usage . . . . . . . . . . . . . . . . 7
5.2.1. DNS Message IDs . . . . . . . . . . . . . . . . . . . 8 5.2.1. DNS Message IDs . . . . . . . . . . . . . . . . . . . 8
5.3. DoQ Error Codes . . . . . . . . . . . . . . . . . . . . . 8 5.3. DoQ Error Codes . . . . . . . . . . . . . . . . . . . . . 8
5.3.1. Transaction Errors . . . . . . . . . . . . . . . . . 8 5.3.1. Transaction Cancellation . . . . . . . . . . . . . . 9
5.3.2. Protocol Errors . . . . . . . . . . . . . . . . . . . 8 5.3.2. Transaction Errors . . . . . . . . . . . . . . . . . 9
5.4. Connection Management . . . . . . . . . . . . . . . . . . 9 5.3.3. Protocol Errors . . . . . . . . . . . . . . . . . . . 9
5.5. Connection Resume and 0-RTT . . . . . . . . . . . . . . . 10 5.4. Connection Management . . . . . . . . . . . . . . . . . . 10
5.6. Message Sizes . . . . . . . . . . . . . . . . . . . . . . 10 5.5. Session Resumption and 0-RTT . . . . . . . . . . . . . . 11
6. Implementation Requirements . . . . . . . . . . . . . . . . . 11 5.6. Message Sizes . . . . . . . . . . . . . . . . . . . . . . 12
6.1. Authentication . . . . . . . . . . . . . . . . . . . . . 11 6. Implementation Requirements . . . . . . . . . . . . . . . . . 12
6.2. Fall Back to Other Protocols on Connection Failure . . . 11 6.1. Authentication . . . . . . . . . . . . . . . . . . . . . 12
6.3. Address Validation . . . . . . . . . . . . . . . . . . . 11 6.2. Fall Back to Other Protocols on Connection Failure . . . 12
6.4. Padding . . . . . . . . . . . . . . . . . . . . . . . . . 12 6.3. Address Validation . . . . . . . . . . . . . . . . . . . 13
6.5. Connection Handling . . . . . . . . . . . . . . . . . . . 12 6.4. Padding . . . . . . . . . . . . . . . . . . . . . . . . . 13
6.5.1. Connection Reuse . . . . . . . . . . . . . . . . . . 12 6.5. Connection Handling . . . . . . . . . . . . . . . . . . . 14
6.5.2. Resource Management and Idle Timeout Values . . . . . 13 6.5.1. Connection Reuse . . . . . . . . . . . . . . . . . . 14
6.6. Processing Queries in Parallel . . . . . . . . . . . . . 13 6.5.2. Resource Management and Idle Timeout Values . . . . . 14
6.7. Zone transfer . . . . . . . . . . . . . . . . . . . . . . 14 6.5.3. Using 0-RTT and Session Resumption . . . . . . . . . 15
6.8. Flow Control Mechanisms . . . . . . . . . . . . . . . . . 14 6.6. Processing Queries in Parallel . . . . . . . . . . . . . 15
7. Implementation Status . . . . . . . . . . . . . . . . . . . . 14 6.7. Zone transfer . . . . . . . . . . . . . . . . . . . . . . 16
7.1. Performance Measurements . . . . . . . . . . . . . . . . 15 6.8. Flow Control Mechanisms . . . . . . . . . . . . . . . . . 16
8. Security Considerations . . . . . . . . . . . . . . . . . . . 15 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 17
9. Privacy Considerations . . . . . . . . . . . . . . . . . . . 16 7.1. Performance Measurements . . . . . . . . . . . . . . . . 18
9.1. Privacy Issues With 0-RTT data . . . . . . . . . . . . . 16 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18
9.2. Privacy Issues With Session Resume . . . . . . . . . . . 16 9. Privacy Considerations . . . . . . . . . . . . . . . . . . . 18
9.3. Traffic Analysis . . . . . . . . . . . . . . . . . . . . 17 9.1. Privacy Issues With 0-RTT data . . . . . . . . . . . . . 19
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 9.2. Privacy Issues With Session Resumption . . . . . . . . . 20
10.1. Registration of DoQ Identification String . . . . . . . 17 9.3. Privacy Issues With New Tokens . . . . . . . . . . . . . 20
10.2. Reservation of Dedicated Port . . . . . . . . . . . . . 17 9.4. Traffic Analysis . . . . . . . . . . . . . . . . . . . . 21
10.2.1. Port number 784 for experimentations . . . . . . . . 18
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 10.1. Registration of DoQ Identification String . . . . . . . 21
12.1. Normative References . . . . . . . . . . . . . . . . . . 19 10.2. Reservation of Dedicated Port . . . . . . . . . . . . . 21
12.2. Informative References . . . . . . . . . . . . . . . . . 20 10.2.1. Port number 784 for experimentations . . . . . . . . 22
12.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 21 10.3. Reservation of Extended DNS Error Code Too Early . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 10.4. DNS over QUIC Error Codes Registry . . . . . . . . . . . 22
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 24
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 24
12.1. Normative References . . . . . . . . . . . . . . . . . . 24
12.2. Informative References . . . . . . . . . . . . . . . . . 26
Appendix A. The NOTIFY service . . . . . . . . . . . . . . . . . 27
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 28
1. Introduction 1. Introduction
Domain Name System (DNS) concepts are specified in "Domain names - Domain Name System (DNS) concepts are specified in "Domain names -
concepts and facilities" [RFC1034]. The transmission of DNS queries concepts and facilities" [RFC1034]. The transmission of DNS queries
and responses over UDP and TCP is specified in "Domain names - and responses over UDP and TCP is specified in "Domain names -
implementation and specification" [RFC1035]. This document presents implementation and specification" [RFC1035]. This document presents
a mapping of the DNS protocol over the QUIC transport [RFC9000] a mapping of the DNS protocol over the QUIC transport [RFC9000]
[RFC9001]. DNS over QUIC is referred here as DoQ, in line with "DNS [RFC9001]. DNS over QUIC is referred here as DoQ, in line with "DNS
Terminology" [I-D.ietf-dnsop-rfc8499bis]. The goals of the DoQ Terminology" [I-D.ietf-dnsop-rfc8499bis]. The goals of the DoQ
skipping to change at page 3, line 43 skipping to change at page 3, line 48
3. Provide a transport that is not constrained by path MTU 3. Provide a transport that is not constrained by path MTU
limitations on the size of DNS responses it can send. limitations on the size of DNS responses it can send.
4. Explore the characteristics of using QUIC as a DNS transport, 4. Explore the characteristics of using QUIC as a DNS transport,
versus other solutions like DNS over UDP [RFC1035], DNS over TLS versus other solutions like DNS over UDP [RFC1035], DNS over TLS
(DoT) [RFC7858], or DNS over HTTPS (DoH) [RFC8484]. (DoT) [RFC7858], or DNS over HTTPS (DoH) [RFC8484].
In order to achieve these goals, and to support ongoing work on In order to achieve these goals, and to support ongoing work on
encryption of DNS, the scope of this document includes encryption of DNS, the scope of this document includes
o the "stub to recursive resolver" scenario * the "stub to recursive resolver" scenario
o the "recursive resolver to authoritative nameserver" scenario and
o the "nameserver to nameserver" scenario (mainly used for zone * the "recursive resolver to authoritative nameserver" scenario and
* the "nameserver to nameserver" scenario (mainly used for zone
transfers (XFR) [RFC1995], [RFC5936]). transfers (XFR) [RFC1995], [RFC5936]).
In other words, this document is intended to specify QUIC as a In other words, this document is intended to specify QUIC as a
general purpose transport for DNS. general purpose transport for DNS.
The specific non-goals of this document are: The specific non-goals of this document are:
1. No attempt is made to evade potential blocking of DNS over QUIC 1. No attempt is made to evade potential blocking of DNS over QUIC
traffic by middleboxes. traffic by middleboxes.
skipping to change at page 5, line 21 skipping to change at page 5, line 30
4.2. Design for Minimum Latency 4.2. Design for Minimum Latency
QUIC is specifically designed to reduce the delay between HTTP QUIC is specifically designed to reduce the delay between HTTP
queries and HTTP responses. This is achieved through three main queries and HTTP responses. This is achieved through three main
components: components:
1. Support for 0-RTT data during session resumption. 1. Support for 0-RTT data during session resumption.
2. Support for advanced error recovery procedures as specified in 2. Support for advanced error recovery procedures as specified in
"QUIC Loss Detection and Congestion Control" "QUIC Loss Detection and Congestion Control" [RFC9002].
[I-D.ietf-quic-recovery].
3. Mitigation of head-of-line blocking by allowing parallel delivery 3. Mitigation of head-of-line blocking by allowing parallel delivery
of data on multiple streams. of data on multiple streams.
This mapping of DNS to QUIC will take advantage of these features in This mapping of DNS to QUIC will take advantage of these features in
three ways: three ways:
1. Optional support for sending 0-RTT data during session resumption 1. Optional support for sending 0-RTT data during session resumption
(the security and privacy implications of this are discussed in (the security and privacy implications of this are discussed in
later sections). later sections).
skipping to change at page 6, line 16 skipping to change at page 6, line 26
The mapping of DoQ is defined for minimal overhead and maximum The mapping of DoQ is defined for minimal overhead and maximum
performance. This means a different traffic profile than HTTP3 over performance. This means a different traffic profile than HTTP3 over
QUIC. This difference can be noted by firewalls and middleboxes. QUIC. This difference can be noted by firewalls and middleboxes.
There may be environments in which HTTP3 over QUIC will be able to There may be environments in which HTTP3 over QUIC will be able to
pass through, but DoQ will be blocked by these middle boxes. pass through, but DoQ will be blocked by these middle boxes.
4.4. No Server Initiated Transactions 4.4. No Server Initiated Transactions
As stated in Section 1, this document does not specify support for As stated in Section 1, this document does not specify support for
server initiated transactions. DSO is only applicable for DNS over server initiated transactions within established DoQ connections.
TCP and DNS over TLS. DSO is not applicable to DNS over HTTP since That is, only the initiator of the DoQ connection may send queries
over the connection.
DSO supports server-initiated transactions within existing
connections, however DSO is not applicable to DNS over HTTP since
HTTP has its own mechanism for managing sessions, and this is HTTP has its own mechanism for managing sessions, and this is
incompatible with the DSO; the same is true for DoQ. incompatible with the DSO; the same is true for DoQ.
5. Specifications 5. Specifications
5.1. Connection Establishment 5.1. Connection Establishment
DoQ connections are established as described in the QUIC transport DoQ connections are established as described in the QUIC transport
specification [RFC9000]. During connection establishment, DoQ specification [RFC9000]. During connection establishment, DoQ
support is indicated by selecting the ALPN token "doq" in the crypto support is indicated by selecting the ALPN token "doq" in the crypto
skipping to change at page 8, line 29 skipping to change at page 8, line 46
terminating streams, aborting reading of streams, or immediately terminating streams, aborting reading of streams, or immediately
closing connections: closing connections:
DOQ_NO_ERROR (0x00): No error. This is used when the connection or DOQ_NO_ERROR (0x00): No error. This is used when the connection or
stream needs to be closed, but there is no error to signal. stream needs to be closed, but there is no error to signal.
DOQ_INTERNAL_ERROR (0x01): The DoQ implementation encountered an DOQ_INTERNAL_ERROR (0x01): The DoQ implementation encountered an
internal error and is incapable of pursuing the transaction or the internal error and is incapable of pursuing the transaction or the
connection. connection.
DOQ_PROTOCOL_ERROR (0x01): The DoQ implementation encountered an DOQ_PROTOCOL_ERROR (0x02): The DoQ implementation encountered an
protocol error and is forcibly aborting the connection. protocol error and is forcibly aborting the connection.
5.3.1. Transaction Errors DOQ_REQUEST_CANCELLED (0x03): A DoQ client uses this to signal that
it wants to cancel an outstanding transaction.
See Section 10.4 for details on registering new error codes.
5.3.1. Transaction Cancellation
In QUIC, sending STOP_SENDING requests that a peer cease transmission
on a stream. If a DoQ client wishes to cancel an outstanding
request, it MUST issue a QUIC Stop Sending with error code
DOQ_REQUEST_CANCELLED. This may be sent at any time but will be
ignored if the server has already sent the response. The
corresponding DNS transaction MUST be abandoned.
A server that receives STOP_SENDING MUST issue a RESET_STREAM with
error code DOQ_REQUEST_CANCELLED, unless it has already sent a
complete response in which case it MAY ignore the STOP_SENDING
request. Servers MAY limit the number of DOQ_REQUEST_CANCELLED
errors received on a connection before choosing to close the
connection.
Note that this mechanism provides a way for secondaries to cancel a
single zone transfer occurring on a given stream without having to
close the QUIC connection.
5.3.2. Transaction Errors
Servers normally complete transactions by sending a DNS response (or Servers normally complete transactions by sending a DNS response (or
responses) on the transaction's stream, including cases where the DNS responses) on the transaction's stream, including cases where the DNS
response indicates a DNS error. For example, a Server Failure response indicates a DNS error. For example, a Server Failure
(SERVFAIL, [RFC1035]) SHOULD be notified to the client by sending (SERVFAIL, [RFC1035]) SHOULD be notified to the client by sending
back a response with the Response Code set to SERVFAIL. back a response with the Response Code set to SERVFAIL.
If a server is incapable of sending a DNS response due to an internal If a server is incapable of sending a DNS response due to an internal
error, it may issue a QUIC Stream Reset with error code error, it SHOULD issue a QUIC Stream Reset with error code
DOQ_INTERNAL_ERROR. The corresponding transaction MUST be abandoned. DOQ_INTERNAL_ERROR. The corresponding DNS transaction MUST be
abandoned. Clients MAY limit the number of unsolicited QUIC Stream
Resets received on a connection before choosing to close the
connection.
5.3.2. Protocol Errors Note that this mechanism provides a way for primaries to abort a
single zone transfer occurring on a given stream without having to
close the QUIC connection.
5.3.3. Protocol Errors
Other error scenarios can occur due to malformed, incomplete or Other error scenarios can occur due to malformed, incomplete or
unexpected messages during a transaction. These include (but are not unexpected messages during a transaction. These include (but are not
limited to) limited to)
o a client or server receives a message with a non-zero Message ID * a client or server receives a message with a non-zero Message ID
o a client or server receives a STREAM FIN before receiving all the * a client or server receives a STREAM FIN before receiving all the
bytes for a message indicated in the 2-octet length field bytes for a message indicated in the 2-octet length field
o a client receives a STREAM FIN before receiving all the expected * a client receives a STREAM FIN before receiving all the expected
responses responses
o a server receives more than one query on a stream * a server receives more than one query on a stream
o a client receives a different number of responses on a stream than * a client receives a different number of responses on a stream than
expected (e.g. multiple responses to a query for an A record) expected (e.g. multiple responses to a query for an A record)
o an implementation receives a message containing the edns-tcp- * a client receives a STOP_SENDING request
keepalive EDNS(0) Option [RFC7828] (see Section 6.5.2)
o an implementation receives a message containing the EDNS(0) * an implementation receives a message containing the edns-tcp-
Padding Option [RFC7830] (see Section 6.4) keepalive EDNS(0) Option [RFC7828] (see Section 6.5.2)
If a peer encounters such an error condition it is considered a fatal If a peer encounters such an error condition it is considered a fatal
error. It SHOULD forcibly abort the connection using QUIC's error. It SHOULD forcibly abort the connection using QUIC's
CONNECTION_CLOSE mechanism, and use the DoQ error code CONNECTION_CLOSE mechanism, and use the DoQ error code
DOQ_PROTCOL_ERROR. DOQ_PROTCOL_ERROR.
It is noted that the restrictions on use of the above EDNS(0) options It is noted that the restrictions on use of the above EDNS(0) options
has implications for proxying message from TCP/DoT/DoH over DoQ. has implications for proxying message from TCP/DoT/DoH over DoQ.
5.4. Connection Management 5.4. Connection Management
Section 10 of the QUIC transport specification [RFC9000] specifies Section 10 of the QUIC transport specification [RFC9000] specifies
that connections can be closed in three ways: that connections can be closed in three ways:
o idle timeout * idle timeout
o immediate close * immediate close
o stateless reset * stateless reset
Clients and servers implementing DoQ SHOULD negotiate use of the idle Clients and servers implementing DoQ SHOULD negotiate use of the idle
timeout. Closing on idle timeout is done without any packet timeout. Closing on idle timeout is done without any packet
exchange, which minimizes protocol overhead. Per section 10.1 of the exchange, which minimizes protocol overhead. Per section 10.1 of the
QUIC transport specification, the effective value of the idle timeout QUIC transport specification, the effective value of the idle timeout
is computed as the minimum of the values advertised by the two is computed as the minimum of the values advertised by the two
endpoints. Practical considerations on setting the idle timeout are endpoints. Practical considerations on setting the idle timeout are
discussed in Section 6.5.2. discussed in Section 6.5.2.
Clients SHOULD monitor the idle time incurred on their connection to Clients SHOULD monitor the idle time incurred on their connection to
skipping to change at page 10, line 21 skipping to change at page 11, line 26
error code DOQ_NO_ERROR. error code DOQ_NO_ERROR.
Clients and servers MAY close the connection for a variety of other Clients and servers MAY close the connection for a variety of other
reasons, indicated using QUIC's CONNECTION_CLOSE. Client and servers reasons, indicated using QUIC's CONNECTION_CLOSE. Client and servers
that send packets over a connection discarded by their peer MAY that send packets over a connection discarded by their peer MAY
receive a stateless reset indication. If a connection fails, all receive a stateless reset indication. If a connection fails, all
queries in progress over the connection MUST be considered failed, queries in progress over the connection MUST be considered failed,
and a Server Failure (SERVFAIL, [RFC1035]) SHOULD be notified to the and a Server Failure (SERVFAIL, [RFC1035]) SHOULD be notified to the
initiator of the transaction. initiator of the transaction.
5.5. Connection Resume and 0-RTT 5.5. Session Resumption and 0-RTT
A client MAY take advantage of the connection resume mechanisms A client MAY take advantage of the session resumption mechanisms
supported by QUIC transport [RFC9000] and QUIC TLS [RFC9001]. supported by QUIC transport [RFC9000] and QUIC TLS [RFC9001].
Clients SHOULD consider potential privacy issues associated with Clients SHOULD consider potential privacy issues associated with
session resume before deciding to use this mechanism. These privacy session resumption before deciding to use this mechanism. These
issues are detailed in Section 9.2. privacy issues are detailed in Section 9.2 and Section 9.1, and the
implementation considerations are discussed in Section 6.5.3.
When resuming a session, a client MAY take advantage of the 0-RTT The 0-RTT mechanism SHOULD NOT be used to send DNS requests that are
mechanism supported by QUIC. The 0-RTT mechanism MUST NOT be used to not "replayable" transactions. Our analysis so far shows that such
send data that is not "replayable" transactions. For example, a replayable transactions can only be QUERY requests, although we may
client MAY transmit a Query as 0-RTT, but MUST NOT transmit an need to also consider NOTIFY requests once the analysis of NOTIFY
Update. services is complete, see Appendix A.
Servers MUST NOT execute non replayable transactions received in
0-RTT data. Servers MUST adopt one of the following behaviors:
* Queue the offending transaction and only execute it after the QUIC
handshake has been completed, as defined in section 4.1.1 of
[RFC9001].
* Reply to the offending transaction with a response code REFUSED
and an Extended DNS Error Code (EDE) "Too Early", see
Section 10.3.
* Close the connection with the error code DOQ_PROTOCOL_ERROR.
For the zone transfer scenario, it would be possible to replay an XFR
QUERY that had been sent in 0-RTT data. However the authentication
mechanisms described in RFC9103 ("Zone transfer over TLS") will
ensure that the response is not sent by the primary until the
identity of the secondary has been verified i.e. the first behavior
listed above.
5.6. Message Sizes 5.6. Message Sizes
DoQ Queries and Responses are sent on QUIC streams, which in theory DoQ Queries and Responses are sent on QUIC streams, which in theory
can carry up to 2^62 bytes. However, DNS messages are restricted in can carry up to 2^62 bytes. However, DNS messages are restricted in
practice to a maximum size of 65535 bytes. This maximum size is practice to a maximum size of 65535 bytes. This maximum size is
enforced by the use of a two-octet message length field in DNS over enforced by the use of a two-octet message length field in DNS over
TCP [RFC1035] and DNS over TLS [RFC7858], and by the definition of TCP [RFC1035] and DNS over TLS [RFC7858], and by the definition of
the "application/dns-message" for DNS over HTTP [RFC8484]. DoQ the "application/dns-message" for DNS over HTTP [RFC8484]. DoQ
enforces the same restriction. enforces the same restriction.
The flow control mechanisms of QUIC control how much data can be sent
by QUIC nodes at a given time. The initial values of per stream flow
control parameters is defined by two transport parameters:
o initial_max_stream_data_bidi_local: when set by the client,
specifies the amount of data that servers can send on a "response"
stream without waiting for a MAX_STREAM_DATA frame.
o initial_max_stream_data_bidi_remote: when set by the server,
specifies the amount of data that clients can send on a "query"
stream without waiting for a MAX_STREAM_DATA frame.
For better performance, it is RECOMMENDED that clients and servers
set each of these two parameters to a value of 65535 or greater.
The Extension Mechanisms for DNS (EDNS) [RFC6891] allow peers to The Extension Mechanisms for DNS (EDNS) [RFC6891] allow peers to
specify the UDP message size. This parameter is ignored by DoQ. DoQ specify the UDP message size. This parameter is ignored by DoQ. DoQ
implementations always assume that the maximum message size is 65535 implementations always assume that the maximum message size is 65535
bytes. bytes.
6. Implementation Requirements 6. Implementation Requirements
6.1. Authentication 6.1. Authentication
For the stub to recursive resolver scenario, the authentication For the stub to recursive resolver scenario, the authentication
requirements are the same as described in DoT [RFC7858] and "Usage requirements are the same as described in DoT [RFC7858] and "Usage
Profiles for DNS over TLS and DNS over DTLS" [RFC8310]. There is no Profiles for DNS over TLS and DNS over DTLS" [RFC8310]. There is no
need to authenticate the client's identity in either scenario. need to authenticate the client's identity in either scenario.
For zone transfer, the requirements are the same as described in For zone transfer, the requirements are the same as described in
[I-D.ietf-dprive-xfr-over-tls]. [RFC9103].
For the recursive resolver to authoritative nameserver scenario, For the recursive resolver to authoritative nameserver scenario,
authentication requirements are unspecified at the time of writing authentication requirements are unspecified at the time of writing
and are the subject on ongoing work in the DPRIVE WG. and are the subject on ongoing work in the DPRIVE WG.
6.2. Fall Back to Other Protocols on Connection Failure 6.2. Fall Back to Other Protocols on Connection Failure
If the establishment of the DoQ connection fails, clients MAY attempt If the establishment of the DoQ connection fails, clients MAY attempt
to fall back to DoT and then potentially clear text, as specified in to fall back to DoT and then potentially clear text, as specified in
DoT [RFC7858] and "Usage Profiles for DNS over TLS and DNS over DTLS" DoT [RFC7858] and "Usage Profiles for DNS over TLS and DNS over DTLS"
skipping to change at page 12, line 24 skipping to change at page 13, line 33
DoQ implementations that configure Address Validation using Retry DoQ implementations that configure Address Validation using Retry
Packets SHOULD implement the Address Validation for Future Packets SHOULD implement the Address Validation for Future
Connections procedure defined in section 8.1.3 of the QUIC transport Connections procedure defined in section 8.1.3 of the QUIC transport
specification [RFC9000]). This defines how servers can send NEW specification [RFC9000]). This defines how servers can send NEW
TOKEN frames to clients after the client address is validated, in TOKEN frames to clients after the client address is validated, in
order to avoid the 1-RTT penalty during subsequent connections by the order to avoid the 1-RTT penalty during subsequent connections by the
client from the same address. client from the same address.
6.4. Padding 6.4. Padding
There are mechanisms specified for padding individual DNS messages in Implementations SHOULD protect against the traffic analysis attacks
"The EDNS(0) Padding Option" [RFC7830] and for padding within QUIC described in Section 9.4 by the judicious injection of padding. This
packets (see Section 8.6 of the QUIC transport specification could be done either by padding individual DNS messages using the
[RFC9000]). EDNS(0) Padding Option [RFC7830] and by padding QUIC packets (see
Section 8.6 of the QUIC transport specification [RFC9000]).
Implementations MUST NOT use DNS options for padding individual DNS In theory, padding at the QUIC level could result in better
messages, because QUIC transport MAY transmit multiple STREAM frames performance for the equivalent protection, because the amount of
containing separate DNS messages in a single QUIC packet. Instead, padding can take into account non-DNS frames such as acknowledgeemnts
implementations SHOULD use QUIC PADDING frames to align the packet or flow control updates, and also because QUIC packets can carry
length to a small set of fixed sizes, aligned with the multiple DNS messages. However, applications can only control the
recommendations of the "Padding Policies for Extension Mechanisms for amount of padding in QUIC packets if the implementation of QUIC
DNS (EDNS(0))" [RFC8467]. exposes adequate APIs. This leads to the following recommendation:
* if the implementation of QUIC exposes APIs to set a padding
policy, DNS over QUIC SHOULD use that API to align the packet
length to a small set of fixed sizes, aligned with the
recommendations of the "Padding Policies for Extension Mechanisms
for DNS (EDNS(0))" [RFC8467].
* if padding at the QUIC level is not available or not used, DNS
over QUIC MUST ensure that all DNS queries and responses are
padded to a small set of fixed sizes, using the EDNS padding
extension as specified in "Padding Policies for Extension
Mechanisms for DNS (EDNS(0))" [RFC8467].
6.5. Connection Handling 6.5. Connection Handling
"DNS Transport over TCP - Implementation Requirements" [RFC7766] "DNS Transport over TCP - Implementation Requirements" [RFC7766]
provides updated guidance on DNS over TCP, some of which is provides updated guidance on DNS over TCP, some of which is
applicable to DoQ. This section attempts to specify which and how applicable to DoQ. This section attempts to specify which and how
those considerations apply to DoQ. those considerations apply to DoQ.
6.5.1. Connection Reuse 6.5.1. Connection Reuse
skipping to change at page 13, line 18 skipping to change at page 14, line 38
server over a QUIC connection, it SHOULD NOT wait for an outstanding server over a QUIC connection, it SHOULD NOT wait for an outstanding
reply before sending the next query. reply before sending the next query.
6.5.2. Resource Management and Idle Timeout Values 6.5.2. Resource Management and Idle Timeout Values
Proper management of established and idle connections is important to Proper management of established and idle connections is important to
the healthy operation of a DNS server. An implementation of DoQ the healthy operation of a DNS server. An implementation of DoQ
SHOULD follow best practices similar to those specified for DNS over SHOULD follow best practices similar to those specified for DNS over
TCP [RFC7766], in particular with regard to: TCP [RFC7766], in particular with regard to:
o Concurrent Connections (Section 6.2.2) * Concurrent Connections (Section 6.2.2)
o Security Considerations (Section 10) * Security Considerations (Section 10)
Failure to do so may lead to resource exhaustion and denial of Failure to do so may lead to resource exhaustion and denial of
service. service.
Clients that want to maintain long duration DoQ connections SHOULD Clients that want to maintain long duration DoQ connections SHOULD
use the idle timeout mechanisms defined in Section 10.1 of the QUIC use the idle timeout mechanisms defined in Section 10.1 of the QUIC
transport specification [RFC9000]. Clients and servers MUST NOT send transport specification [RFC9000]. Clients and servers MUST NOT send
the edns-tcp-keepalive EDNS(0) Option [RFC7828] in any messages sent the edns-tcp-keepalive EDNS(0) Option [RFC7828] in any messages sent
on a DoQ connection (because it is specific to the use of TCP/TLS as on a DoQ connection (because it is specific to the use of TCP/TLS as
a transport). a transport).
This document does not make specific recommendations for timeout This document does not make specific recommendations for timeout
values on idle connections. Clients and servers should reuse and/or values on idle connections. Clients and servers should reuse and/or
close connections depending on the level of available resources. close connections depending on the level of available resources.
Timeouts may be longer during periods of low activity and shorter Timeouts may be longer during periods of low activity and shorter
during periods of high activity. during periods of high activity.
Clients that are willing to use QUIC's 0-RTT mechanism can 6.5.3. Using 0-RTT and Session Resumption
reestablish connections and send transactions on the new connection
with minimal delay overhead. These clients MAY chose low values of Using 0-RTT for DNS over QUIC has many compelling advantages.
the idle timer. Clients can establish connections and send queries without incurring
a connection delay. Servers can thus negotiate low values of the
connection timers, which reduces the total number of connections that
they need to manage. They can do that because the clients that use
0-RTT will not incur latency penalties if new connections are
required for a query.
Session resumption and 0-RTT data transmission create privacy risks
detailed in detailed in Section 9.2 and Section 9.1. The following
recommendations are meant to reduce the privacy risks while enjoying
the performance benefits of 0-RTT data, with the restriction
specified in Section 5.5.
Clients SHOULD use resumption tickets only once, as specified in
Appendix C.4 to [RFC8446]. Clients could receive address validation
tokens from the server using the NEW TOKEN mechanism; see section 8
of [RFC9000]. The associated tracking risks are mentioned in
Section 9.3. Clients SHOULD only use the address validation tokens
when they are also using session resumption, thus avoiding additional
tracking risks.
Servers SHOULD issue session resumption tickets with a sufficiently
long life time (e.g., 6 hours), so that clients are not tempted to
either keep connection alive or frequently poll the server to renew
session resumption tickets. Servers SHOULD implement the anti-replay
mechanisms specified in section 8 of [RFC8446].
6.6. Processing Queries in Parallel 6.6. Processing Queries in Parallel
As specified in Section 7 of "DNS Transport over TCP - Implementation As specified in Section 7 of "DNS Transport over TCP - Implementation
Requirements" [RFC7766], resolvers are RECOMMENDED to support the Requirements" [RFC7766], resolvers are RECOMMENDED to support the
preparing of responses in parallel and sending them out of order. In preparing of responses in parallel and sending them out of order. In
DoQ, they do that by sending responses on their specific stream as DoQ, they do that by sending responses on their specific stream as
soon as possible, without waiting for availability of responses for soon as possible, without waiting for availability of responses for
previously opened streams. previously opened streams.
6.7. Zone transfer 6.7. Zone transfer
[I-D.ietf-dprive-xfr-over-tls] specifies zone transfer over TLS (XoT) [RFC9103] specifies zone transfer over TLS (XoT) and includes updates
and includes updates to [RFC1995] (IXFR), [RFC5936] (AXFR) and to [RFC1995] (IXFR), [RFC5936] (AXFR) and [RFC7766]. Considerations
[RFC7766]. Considerations relating to the re-use of XoT connections relating to the re-use of XoT connections described there apply
described there apply analogously to zone transfers performed using analogously to zone transfers performed using DoQ connections. For
DoQ connections. For example: example:
o DoQ servers MUST be able to handle multiple concurrent IXFR * DoQ servers MUST be able to handle multiple concurrent IXFR
requests on a single QUIC connection requests on a single QUIC connection
o DoQ servers MUST be able to handle multiple concurrent AXFR * DoQ servers MUST be able to handle multiple concurrent AXFR
requests on a single QUIC connection requests on a single QUIC connection
o DoQ implementations SHOULD * DoQ implementations SHOULD
* use the same QUIC connection for both AXFR and IXFR requests to - use the same QUIC connection for both AXFR and IXFR requests to
the same primary the same primary
* pipeline such requests (if they pipeline XFR requests in - pipeline such requests (if they pipeline XFR requests in
general) and MAY intermingle them general) and MAY intermingle them
* send the response(s) for each request as soon as they are - send the response(s) for each request as soon as they are
available i.e. responses MAY be sent intermingled available i.e. responses MAY be sent intermingled
6.8. Flow Control Mechanisms 6.8. Flow Control Mechanisms
Servers and Clients manage flow control as specified in QUIC. Servers and Clients manage flow control using the mechanisms defined
in section 4 of [RFC9000]. These mechanisms allow clients and
servers to specify how many streams can be created, how much data can
be sent on a stream, and how much data can be sent on the union of
all streams. For DNS over QUIC, controlling how many streams are
created allows servers to control how many new requests the client
can send on a given connection.
Servers MAY use the "maximum stream ID" option of the QUIC transport Flow control exists to protect endpoint resources. For servers,
to limit the number of streams opened by the client. This mechanism global and per-stream flow control limits control how much data can
will effectively limit the number of DNS queries that a client can be sent by clients. The same mechanisms allow clients to control how
send on a single DoQ connection. much data can be sent by servers. Values that are too small will
unnecessarily limit performance. Values that are too large might
expose endpoints to overload or memory exhaustion. Implementations
or deployments will need to adjust flow control limits to balance
these concerns. In particular, zone transfer implementations will
need to control these limits carefully to ensure both large and
concurrent zone transfers are well managed.
Initial values of parameters control how many requests and how much
data can be sent by clients and servers at the beginning of the
connection. These values are specified in transport parameters
exchanged during the connection handshake. The parameter values
received in the initial connection also control how many requests and
how much data can be sent by clients using 0-RTT data in a resumed
connection. Using too small values of these initial parameters would
restrict the usefulness of allowing 0-RTT data.
7. Implementation Status 7. Implementation Status
(RFC EDITOR NOTE: THIS SECTION TO BE REMOVED BEFORE PUBLICATION) This (RFC EDITOR NOTE: THIS SECTION TO BE REMOVED BEFORE PUBLICATION) This
section records the status of known implementations of the protocol section records the status of known implementations of the protocol
defined by this specification at the time of posting of this defined by this specification at the time of posting of this
Internet-Draft, and is based on a proposal described in [RFC7942]. Internet-Draft, and is based on a proposal described in [RFC7942].
1. AdGuard launched a DoQ recursive resolver service in December 1. AdGuard launched a DoQ recursive resolver service in December
2020. They have released a suite of open source tools that 2020. They have released a suite of open source tools that
support DoQ: support DoQ:
1. AdGuard C++ DNS libraries [1] A DNS proxy library that 1. AdGuard C++ DNS libraries (https://github.com/AdguardTeam/
supports all existing DNS protocols including DNS-over-TLS, DnsLibs) A DNS proxy library that supports all existing DNS
DNS-over-HTTPS, DNSCrypt and DNS-over-QUIC (experimental). protocols including DNS-over-TLS, DNS-over-HTTPS, DNSCrypt
and DNS-over-QUIC (experimental).
2. DNS Proxy [2] A simple DNS proxy server that supports all 2. DNS Proxy (https://github.com/AdguardTeam/dnsproxy) A simple
existing DNS protocols including DNS-over-TLS, DNS-over- DNS proxy server that supports all existing DNS protocols
HTTPS, DNSCrypt, and DNS-over-QUIC. Moreover, it can work as including DNS-over-TLS, DNS-over-HTTPS, DNSCrypt, and DNS-
a DNS-over-HTTPS, DNS-over-TLS or DNS-over-QUIC server. over-QUIC. Moreover, it can work as a DNS-over-HTTPS, DNS-
over-TLS or DNS-over-QUIC server.
3. CoreDNS fork for AdGuard DNS [3] Includes DNS-over-QUIC 3. CoreDNS fork for AdGuard DNS (https://github.com/AdguardTeam/
server-side support. coredns) Includes DNS-over-QUIC server-side support.
4. dnslookup [4] Simple command line utility to make DNS 4. dnslookup (https://github.com/ameshkov/dnslookup) Simple
lookups. Supports all known DNS protocols: plain DNS, DoH, command line utility to make DNS lookups. Supports all known
DoT, DoQ, DNSCrypt. DNS protocols: plain DNS, DoH, DoT, DoQ, DNSCrypt.
2. Quicdoq [5] Quicdoq is a simple open source implementation of 2. Quicdoq (https://github.com/private-octopus/quicdoq) Quicdoq is a
DoQ. It is written in C, based on Picoquic [6]. simple open source implementation of DoQ. It is written in C,
based on Picoquic (https://github.com/private-octopus/picoquic).
3. Flamethrower [7] is an open source DNS performance and functional 3. Flamethrower (https://github.com/DNS-OARC/flamethrower/tree/dns-
over-quic) is an open source DNS performance and functional
testing utility written in C++ that has an experimental testing utility written in C++ that has an experimental
implementation of DoQ. implementation of DoQ.
4. aioquic [8] is an implementation of QUIC in Python. It includes 4. aioquic (https://github.com/aiortc/aioquic) is an implementation
example client and server for DoQ. of QUIC in Python. It includes example client and server for
DoQ.
7.1. Performance Measurements 7.1. Performance Measurements
To our knowledge, no benchmarking studies comparing DoT, DoH and DoQ To our knowledge, no benchmarking studies comparing DoT, DoH and DoQ
are published yet. However anecdotal evidence from the AdGuard DoQ are published yet. However anecdotal evidence from the AdGuard DoQ
recursive resolver deployment [9] indicates that it performs well recursive resolver deployment (https://adguard.com/en/blog/dns-over-
compared to the other encrypted protocols, particularly in mobile quic.html) indicates that it performs well compared to the other
environments. Reasons given for this include that DoQ encrypted protocols, particularly in mobile environments. Reasons
given for this include that DoQ
o Uses less bandwidth due to a more efficient handshake (and due to * Uses less bandwidth due to a more efficient handshake (and due to
less per message overhead when compared to DoH). less per message overhead when compared to DoH).
o Performs better in mobile environments due to the increased * Performs better in mobile environments due to the increased
resilience to packet loss resilience to packet loss
o Can maintain connections as users move between mobile networks via * Can maintain connections as users move between mobile networks via
its connection management its connection management
8. Security Considerations 8. Security Considerations
The security considerations of DoQ should be comparable to those of The security considerations of DoQ should be comparable to those of
DoT [RFC7858]. DoT [RFC7858].
9. Privacy Considerations 9. Privacy Considerations
The general considerations of encrypted transports provided in "DNS The general considerations of encrypted transports provided in "DNS
skipping to change at page 16, line 19 skipping to change at page 18, line 46
The specific considerations provided there do not differ between DoT The specific considerations provided there do not differ between DoT
and DoQ, and are not discussed further here. and DoQ, and are not discussed further here.
QUIC incorporates the mechanisms of TLS 1.3 [RFC8446] and this QUIC incorporates the mechanisms of TLS 1.3 [RFC8446] and this
enables QUIC transmission of "0-RTT" data. This can provide enables QUIC transmission of "0-RTT" data. This can provide
interesting latency gains, but it raises two concerns: interesting latency gains, but it raises two concerns:
1. Adversaries could replay the 0-RTT data and infer its content 1. Adversaries could replay the 0-RTT data and infer its content
from the behavior of the receiving server. from the behavior of the receiving server.
2. The 0-RTT mechanism relies on TLS resume, which can provide 2. The 0-RTT mechanism relies on TLS session resumption, which can
linkability between successive client sessions. provide linkability between successive client sessions.
These issues are developed in Section 9.1 and Section 9.2. These issues are developed in Section 9.1 and Section 9.2.
9.1. Privacy Issues With 0-RTT data 9.1. Privacy Issues With 0-RTT data
The 0-RTT data can be replayed by adversaries. That data may trigger The 0-RTT data can be replayed by adversaries. That data may trigger
queries by a recursive resolver to authoritative resolvers. queries by a recursive resolver to authoritative resolvers.
Adversaries may be able to pick a time at which the recursive Adversaries may be able to pick a time at which the recursive
resolver outgoing traffic is observable, and thus find out what name resolver outgoing traffic is observable, and thus find out what name
was queried for in the 0-RTT data. was queried for in the 0-RTT data.
This risk is in fact a subset of the general problem of observing the This risk is in fact a subset of the general problem of observing the
behavior of the recursive resolver discussed in "DNS Privacy behavior of the recursive resolver discussed in "DNS Privacy
Considerations" [RFC7626]. The attack is partially mitigated by Considerations" [RFC7626]. The attack is partially mitigated by
reducing the observability of this traffic. However, the risk is reducing the observability of this traffic. However, the risk is
amplified for 0-RTT data, because the attacker might replay it at amplified for 0-RTT data, because the attacker might replay it at
chosen times, several times. chosen times, several times.
The recommendation for TLS 1.3 [RFC8446] is that the capability to The recommendation for TLS 1.3 [RFC8446] is that the capability to
use 0-RTT data should be turned off by default, and only enabled if use 0-RTT data should be turned off by default, and only enabled if
the user clearly understands the associated risks. the user clearly understands the associated risks. In our case,
allowing 0-RTT data provides significant performance gains, and we
are concerned that a recommendation to not use it would simply be
ignored. Instead, we provide a set of practical recommendations in
Section 5.5 and Section 6.5.3.
QUESTION: Should 0-RTT only be used with Opportunistic profiles (i.e. The prevention on allowing replayable transactions in 0-RTT data
disabled by default for Strict only)? expressed in Section 5.5 blocks the most obvious risks of replay
attacks, as it only allows for transactions that will not change the
long term state of the server.
9.2. Privacy Issues With Session Resume Attacks trying to assess the state of the cache are more powerful if
the attacker can choose the time at which the 0-RTT data will be
replayed. Such attacks are blocked if the server enforces single-use
tickets, or if the server implements a combination of Client Hello
recording and freshness checks, as specified in section 8 of
[RFC8446]. These blocking mechanisms rely on shared state between
all server instances in a server system. In the case of DNS over
QUIC, the protection against replay attacks on the DNS cache is
achieved if this state is shared between all servers that share the
same DNS cache.
The QUIC session resume mechanism reduces the cost of re-establishing The attacks described above apply to the stub resolver to recursive
sessions and enables 0-RTT data. There is a linkability issue resolver scenario, but similar attacks might be envisaged in the
associated with session resume, if the same resume token is used recursive resolver to authoritative resolver scenario, and the same
several times, but this risk is mitigated by the mechanisms mitigations apply.
incorporated in QUIC and in TLS 1.3. With these mechanisms, clients
and servers can cooperate to avoid linkability by third parties.
However, the server will always be able to link the resumed session
to the initial session. This creates a virtual long duration
session. The series of queries in that session can be used by the
server to identify the client.
Enabling the server to link client sessions through session resume is 9.2. Privacy Issues With Session Resumption
probably not a large additional risk if the client's connectivity did
not change between the sessions, since the two sessions can probably
be correlated by comparing the IP addresses. On the other hand, if
the addresses did change, the client SHOULD consider whether the
linkability risk exceeds the performance benefits. This evaluation
will obviously depend on the level of trust between client and
server.
9.3. Traffic Analysis The QUIC session resumption mechanism reduces the cost of re-
establishing sessions and enables 0-RTT data. There is a linkability
issue associated with session resumption, if the same resumption
token is used several times. Attackers on path between client and
server could observe repeated usage of the token and use that to
track the client over time or over multiple locations.
The session resumption mechanism allows servers to correlate the
resumed sessions with the initial sessions, and thus to track the
client. This creates a virtual long duration session. The series of
queries in that session can be used by the server to identify the
client. Servers can most probably do that already if the client
address remains constant, but session resumption tickets also enable
tracking after changes of the client's address.
The recommendations in Section 6.5.3 are designed to mitigate these
risks. Using session tickets only once mitigates the risk of
tracking by third parties. Refusing to resume a session if addresses
change mitigates the risk of tracking by the server.
The privacy trade-offs here may be context specific. Stub resolvers
will have a strong motivation to prefer privacy over latency since
they often change location. However, recursive resolvers that use a
small set of static IP addresses are more likely to prefer the
reduced latency provided by session resumption and may consider this
a valid reason to use resumption tickets even if the IP address
changed between sessions.
Encrypted zone transfer (RFC9103) explicitly does not attempt to hide
the identity of the parties involved in the transfer, but at the same
time such transfers are not particularly latency sensitive. This
means that applications supporting zone transfers may decide to apply
the same protections as stub to recursive applications.
9.3. Privacy Issues With New Tokens
QUIC specifies address validation mechanisms in section 8 of
[RFC9000]. Use of an address validation token allows QUIC servers to
avoid an extra RTT for new connections. Address validation tokens
are typically tied to an IP address. QUIC clients normally only use
these tokens when setting a new connection from a previously used
address. However, due to the prevalence of NAT, clients are not
always aware that they are using a new address. There is a
linkability risk if clients mistakenly use address validation tokens
after unknowingly moving to a new location.
The recommendations in Section 6.5.3 mitigates this risk by tying the
usage of the NEW TOKEN to that of session resumption.
9.4. Traffic Analysis
Even though QUIC packets are encrypted, adversaries can gain Even though QUIC packets are encrypted, adversaries can gain
information from observing packet lengths, in both queries and information from observing packet lengths, in both queries and
responses, as well as packet timing. Many DNS requests are emitted responses, as well as packet timing. Many DNS requests are emitted
by web browsers. Loading a specific web page may require resolving by web browsers. Loading a specific web page may require resolving
dozen of DNS names. If an application adopts a simple mapping of one dozen of DNS names. If an application adopts a simple mapping of one
query or response per packet, or "one QUIC STREAM frame per packet", query or response per packet, or "one QUIC STREAM frame per packet",
then the succession of packet lengths may provide enough information then the succession of packet lengths may provide enough information
to identify the requested site. to identify the requested site.
skipping to change at page 18, line 9 skipping to change at page 21, line 46
10.2. Reservation of Dedicated Port 10.2. Reservation of Dedicated Port
Port 853 is currently reserved for 'DNS query-response protocol run Port 853 is currently reserved for 'DNS query-response protocol run
over TLS/DTLS' [RFC7858]. However, the specification for DNS over over TLS/DTLS' [RFC7858]. However, the specification for DNS over
DTLS (DoD) [RFC8094] is experimental, limited to stub to resolver, DTLS (DoD) [RFC8094] is experimental, limited to stub to resolver,
and no implementations or deployments currently exist to our and no implementations or deployments currently exist to our
knowledge (even though several years have passed since the knowledge (even though several years have passed since the
specification was published). specification was published).
This specification proposes to additionally reserve the use of port This specification proposes to additionally reserve the use of port
853 for DoQ. Whilst [RFC8094] did not specify the use of an ALPN for 853 for DoQ. QUIC was designed to be able to co-exist with other
DoD, DoQ requires the use of the "doq" ALPN and is therefore de- protocols on the same port, including DTLS , see Section 17.2 in
muxable from DoD. [RFC9000].
IANA is requested to add the following value to the "Service Name and IANA is requested to add the following value to the "Service Name and
Transport Protocol Port Number Registry" in the System Range. The Transport Protocol Port Number Registry" in the System Range. The
registry for that range requires IETF Review or IESG Approval registry for that range requires IETF Review or IESG Approval
[RFC6335]. [RFC6335].
Service Name dns-over-quic Service Name dns-over-quic
Port Number 853 Port Number 853
Transport Protocol(s) UDP Transport Protocol(s) UDP
Assignee IESG Assignee IESG
skipping to change at page 18, line 35 skipping to change at page 22, line 27
10.2.1. Port number 784 for experimentations 10.2.1. Port number 784 for experimentations
(RFC EDITOR NOTE: THIS SECTION TO BE REMOVED BEFORE PUBLICATION) (RFC EDITOR NOTE: THIS SECTION TO BE REMOVED BEFORE PUBLICATION)
Early experiments MAY use port 784. This port is marked in the IANA Early experiments MAY use port 784. This port is marked in the IANA
registry as unassigned. registry as unassigned.
(Note that version in -02 of this draft experiments were directed to (Note that version in -02 of this draft experiments were directed to
use port 8853.) use port 8853.)
10.3. Reservation of Extended DNS Error Code Too Early
IANA is requested to add the following value to the Extended DNS
Error Codes registry [RFC8914]:
INFO-CODE TBD
Purpose Too Early
Reference This document
10.4. DNS over QUIC Error Codes Registry
IANA [SHALL add/has added] a registry for "DNS over QUIC Error Codes"
on the "Domain Name System (DNS) Parameters" web page.
The "DNS over QUIC Error Codes" registry governs a 62-bit space.
This space is split into three regions that are governed by different
policies:
* Permanent registrations for values between 0x00 and 0x3f (in
hexadecimal; inclusive), which are assigned using Standards Action
or IESG Approval as defined in Section 4.9 and 4.10 of [RFC8126]
* Permanent registrations for values larger than 0x3f, which are
assigned using the Specification Required policy ([RFC8126])
* Provisonal registrations for values larger than 0x3f, which
require Expert Review, as defined in Section 4.5 of [RFC8126].
Provisional reservations share the range of values larger than 0x3f
with some permanent registrations. This is by design, to enable
conversion of provisional registrations into permanent registrations
without requiring changes in deployed systems. (This design is
aligned with the principles set in section 22 of [RFC9000].)
Registrations in this registry MUST include the following fields:
Value: The assigned codepoint.
Status: "Permanent" or "Provisional".
Contact: Contact details for the registrant.
Notes: Supplementary notes about the registration.
In addition, permanent registrations MUST include:
Error: A short mnemonic for the parameter.
Specification: A reference to a publicly available specification for
the value (optional for provisional registrations).
Description: A brief description of the error code semantics, which
MAY be a summary if a specification reference is provided.
Provisional registrations of codepoints are intended to allow for
private use and experimentation with extensions to DNS over QUIC.
However, provisional registrations could be reclaimed and reassigned
for another purpose. In addition to the parameters listed above,
provisional registrations MUST include:
Date: The date of last update to the registration.
A request to update the date on any provisional registration can be
made without review from the designated expert(s).
The initial contents of this registry are shown in Table 1.
+=======+=======================+===================+===============+
| Value | Error | Description | Specification |
+=======+=======================+===================+===============+
| 0x0 | DOQ_NO_ERROR | No error | Section 5.3 |
+-------+-----------------------+-------------------+---------------+
| 0x1 | DOQ_INTERNAL_ERROR | Implementation | Section 5.3 |
| | | error | |
+-------+-----------------------+-------------------+---------------+
| 0x2 | DOQ_PROTOCOL_ERROR | Generic protocol | Section 5.3 |
| | | violation | |
+-------+-----------------------+-------------------+---------------+
| 0x3 | DOQ_REQUEST_CANCELLED | Request | Section 5.3 |
| | | cancelled by | |
| | | client | |
+-------+-----------------------+-------------------+---------------+
Table 1: Initial DNS over QUIC Error Codes Entries
11. Acknowledgements 11. Acknowledgements
This document liberally borrows text from the HTTP-3 specification This document liberally borrows text from the HTTP-3 specification
[I-D.ietf-quic-http] edited by Mike Bishop, and from the DoT [I-D.ietf-quic-http] edited by Mike Bishop, and from the DoT
specification [RFC7858] authored by Zi Hu, Liang Zhu, John Heidemann, specification [RFC7858] authored by Zi Hu, Liang Zhu, John Heidemann,
Allison Mankin, Duane Wessels, and Paul Hoffman. Allison Mankin, Duane Wessels, and Paul Hoffman.
The privacy issue with 0-RTT data and session resume were analyzed by The privacy issue with 0-RTT data and session resumption were
Daniel Kahn Gillmor (DKG) in a message to the IETF "DPRIVE" working analyzed by Daniel Kahn Gillmor (DKG) in a message to the IETF
group [DNS0RTT]. "DPRIVE" working group [DNS0RTT].
Thanks to Tony Finch for an extensive review of the initial version Thanks to Tony Finch for an extensive review of the initial version
of this draft. Reviews by Paul Hoffman and interoperability tests of this draft, and to Robert Evans for the discussion of 0-RTT
conducted by Stephane Bortzmeyer helped improve the definition of the privacy issues. Reviews by Paul Hoffman and Martin Thomson and
protocol. interoperability tests conducted by Stephane Bortzmeyer helped
improve the definition of the protocol.
12. References 12. References
12.1. Normative References 12.1. Normative References
[I-D.ietf-dnsop-rfc8499bis] [I-D.ietf-dnsop-rfc8499bis]
Hoffman, P. and K. Fujiwara, "DNS Terminology", draft- Hoffman, P. and K. Fujiwara, "DNS Terminology", Work in
ietf-dnsop-rfc8499bis-02 (work in progress), June 2021. Progress, Internet-Draft, draft-ietf-dnsop-rfc8499bis-02,
24 June 2021, <https://www.ietf.org/archive/id/draft-ietf-
[I-D.ietf-dprive-xfr-over-tls] dnsop-rfc8499bis-02.txt>.
Toorop, W., Dickinson, S., Sahib, S., Aras, P., and A.
Mankin, "DNS Zone Transfer-over-TLS", draft-ietf-dprive-
xfr-over-tls-12 (work in progress), May 2021.
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987,
<https://www.rfc-editor.org/info/rfc1034>. <https://www.rfc-editor.org/info/rfc1034>.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/info/rfc1035>. November 1987, <https://www.rfc-editor.org/info/rfc1035>.
[RFC1995] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995, [RFC1995] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995,
skipping to change at page 20, line 5 skipping to change at page 25, line 37
[RFC7766] Dickinson, J., Dickinson, S., Bellis, R., Mankin, A., and [RFC7766] Dickinson, J., Dickinson, S., Bellis, R., Mankin, A., and
D. Wessels, "DNS Transport over TCP - Implementation D. Wessels, "DNS Transport over TCP - Implementation
Requirements", RFC 7766, DOI 10.17487/RFC7766, March 2016, Requirements", RFC 7766, DOI 10.17487/RFC7766, March 2016,
<https://www.rfc-editor.org/info/rfc7766>. <https://www.rfc-editor.org/info/rfc7766>.
[RFC7828] Wouters, P., Abley, J., Dickinson, S., and R. Bellis, "The [RFC7828] Wouters, P., Abley, J., Dickinson, S., and R. Bellis, "The
edns-tcp-keepalive EDNS0 Option", RFC 7828, edns-tcp-keepalive EDNS0 Option", RFC 7828,
DOI 10.17487/RFC7828, April 2016, DOI 10.17487/RFC7828, April 2016,
<https://www.rfc-editor.org/info/rfc7828>. <https://www.rfc-editor.org/info/rfc7828>.
[RFC7830] Mayrhofer, A., "The EDNS(0) Padding Option", RFC 7830,
DOI 10.17487/RFC7830, May 2016,
<https://www.rfc-editor.org/info/rfc7830>.
[RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., [RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D.,
and P. Hoffman, "Specification for DNS over Transport and P. Hoffman, "Specification for DNS over Transport
Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May
2016, <https://www.rfc-editor.org/info/rfc7858>. 2016, <https://www.rfc-editor.org/info/rfc7858>.
[RFC7873] Eastlake 3rd, D. and M. Andrews, "Domain Name System (DNS) [RFC7873] Eastlake 3rd, D. and M. Andrews, "Domain Name System (DNS)
Cookies", RFC 7873, DOI 10.17487/RFC7873, May 2016, Cookies", RFC 7873, DOI 10.17487/RFC7873, May 2016,
<https://www.rfc-editor.org/info/rfc7873>. <https://www.rfc-editor.org/info/rfc7873>.
[RFC8094] Reddy, T., Wing, D., and P. Patil, "DNS over Datagram [RFC8094] Reddy, T., Wing, D., and P. Patil, "DNS over Datagram
Transport Layer Security (DTLS)", RFC 8094, Transport Layer Security (DTLS)", RFC 8094,
DOI 10.17487/RFC8094, February 2017, DOI 10.17487/RFC8094, February 2017,
<https://www.rfc-editor.org/info/rfc8094>. <https://www.rfc-editor.org/info/rfc8094>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8310] Dickinson, S., Gillmor, D., and T. Reddy, "Usage Profiles [RFC8310] Dickinson, S., Gillmor, D., and T. Reddy, "Usage Profiles
for DNS over TLS and DNS over DTLS", RFC 8310, for DNS over TLS and DNS over DTLS", RFC 8310,
DOI 10.17487/RFC8310, March 2018, DOI 10.17487/RFC8310, March 2018,
<https://www.rfc-editor.org/info/rfc8310>. <https://www.rfc-editor.org/info/rfc8310>.
[RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS [RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS
(DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018, (DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018,
<https://www.rfc-editor.org/info/rfc8484>. <https://www.rfc-editor.org/info/rfc8484>.
[RFC8914] Kumari, W., Hunt, E., Arends, R., Hardaker, W., and D.
Lawrence, "Extended DNS Errors", RFC 8914,
DOI 10.17487/RFC8914, October 2020,
<https://www.rfc-editor.org/info/rfc8914>.
[RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000, Multiplexed and Secure Transport", RFC 9000,
DOI 10.17487/RFC9000, May 2021, DOI 10.17487/RFC9000, May 2021,
<https://www.rfc-editor.org/info/rfc9000>. <https://www.rfc-editor.org/info/rfc9000>.
[RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure [RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure
QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021, QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021,
<https://www.rfc-editor.org/info/rfc9001>. <https://www.rfc-editor.org/info/rfc9001>.
[RFC9103] Toorop, W., Dickinson, S., Sahib, S., Aras, P., and A.
Mankin, "DNS Zone Transfer over TLS", RFC 9103,
DOI 10.17487/RFC9103, August 2021,
<https://www.rfc-editor.org/info/rfc9103>.
12.2. Informative References 12.2. Informative References
[DNS0RTT] Kahn Gillmor, D., "DNS + 0-RTT", Message to DNS-Privacy WG [DNS0RTT] Kahn Gillmor, D., "DNS + 0-RTT", Message to DNS-Privacy WG
mailing list, April 2016, <https://www.ietf.org/mail- mailing list, 6 April 2016, <https://www.ietf.org/mail-
archive/web/dns-privacy/current/msg01276.html>. archive/web/dns-privacy/current/msg01276.html>.
[I-D.ietf-dprive-rfc7626-bis] [I-D.ietf-dprive-rfc7626-bis]
Wicinski, T., "DNS Privacy Considerations", draft-ietf- Wicinski, T., "DNS Privacy Considerations", Work in
dprive-rfc7626-bis-09 (work in progress), March 2021. Progress, Internet-Draft, draft-ietf-dprive-rfc7626-bis-
09, 9 March 2021, <https://www.ietf.org/archive/id/draft-
ietf-dprive-rfc7626-bis-09.txt>.
[I-D.ietf-quic-http] [I-D.ietf-quic-http]
Bishop, M., "Hypertext Transfer Protocol Version 3 Bishop, M., "Hypertext Transfer Protocol Version 3
(HTTP/3)", draft-ietf-quic-http-34 (work in progress), (HTTP/3)", Work in Progress, Internet-Draft, draft-ietf-
February 2021. quic-http-34, 2 February 2021,
<https://www.ietf.org/archive/id/draft-ietf-quic-http-
[I-D.ietf-quic-recovery] 34.txt>.
Iyengar, J. and I. Swett, "QUIC Loss Detection and
Congestion Control", draft-ietf-quic-recovery-34 (work in
progress), January 2021.
[RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. [RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S.
Cheshire, "Internet Assigned Numbers Authority (IANA) Cheshire, "Internet Assigned Numbers Authority (IANA)
Procedures for the Management of the Service Name and Procedures for the Management of the Service Name and
Transport Protocol Port Number Registry", BCP 165, Transport Protocol Port Number Registry", BCP 165,
RFC 6335, DOI 10.17487/RFC6335, August 2011, RFC 6335, DOI 10.17487/RFC6335, August 2011,
<https://www.rfc-editor.org/info/rfc6335>. <https://www.rfc-editor.org/info/rfc6335>.
[RFC7626] Bortzmeyer, S., "DNS Privacy Considerations", RFC 7626, [RFC7626] Bortzmeyer, S., "DNS Privacy Considerations", RFC 7626,
DOI 10.17487/RFC7626, August 2015, DOI 10.17487/RFC7626, August 2015,
<https://www.rfc-editor.org/info/rfc7626>. <https://www.rfc-editor.org/info/rfc7626>.
[RFC7830] Mayrhofer, A., "The EDNS(0) Padding Option", RFC 7830,
DOI 10.17487/RFC7830, May 2016,
<https://www.rfc-editor.org/info/rfc7830>.
[RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
Code: The Implementation Status Section", BCP 205, Code: The Implementation Status Section", BCP 205,
RFC 7942, DOI 10.17487/RFC7942, July 2016, RFC 7942, DOI 10.17487/RFC7942, July 2016,
<https://www.rfc-editor.org/info/rfc7942>. <https://www.rfc-editor.org/info/rfc7942>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
[RFC8467] Mayrhofer, A., "Padding Policies for Extension Mechanisms [RFC8467] Mayrhofer, A., "Padding Policies for Extension Mechanisms
for DNS (EDNS(0))", RFC 8467, DOI 10.17487/RFC8467, for DNS (EDNS(0))", RFC 8467, DOI 10.17487/RFC8467,
October 2018, <https://www.rfc-editor.org/info/rfc8467>. October 2018, <https://www.rfc-editor.org/info/rfc8467>.
[RFC8490] Bellis, R., Cheshire, S., Dickinson, J., Dickinson, S., [RFC8490] Bellis, R., Cheshire, S., Dickinson, J., Dickinson, S.,
Lemon, T., and T. Pusateri, "DNS Stateful Operations", Lemon, T., and T. Pusateri, "DNS Stateful Operations",
RFC 8490, DOI 10.17487/RFC8490, March 2019, RFC 8490, DOI 10.17487/RFC8490, March 2019,
<https://www.rfc-editor.org/info/rfc8490>. <https://www.rfc-editor.org/info/rfc8490>.
12.3. URIs [RFC9002] Iyengar, J., Ed. and I. Swett, Ed., "QUIC Loss Detection
and Congestion Control", RFC 9002, DOI 10.17487/RFC9002,
[1] https://github.com/AdguardTeam/DnsLibs May 2021, <https://www.rfc-editor.org/info/rfc9002>.
[2] https://github.com/AdguardTeam/dnsproxy
[3] https://github.com/AdguardTeam/coredns
[4] https://github.com/ameshkov/dnslookup
[5] https://github.com/private-octopus/quicdoq Appendix A. The NOTIFY service
[6] https://github.com/private-octopus/picoquic This appendix discusses the issue of allowing NOTIFY to be sent in
0-RTT data.
[7] https://github.com/DNS-OARC/flamethrower/tree/dns-over-quic Section Section 5.5 says "The 0-RTT mechanism SHOULD NOT be used to
send DNS requests that are not "replayable" transactions", and
suggests this is limited to OPCODE QUERY. It might also be viable to
propose that NOTIFY should be permitted in 0-RTT data because
although it technically changes the state of the receiving server,
the effect of replaying NOTIFYs has negligible impact in practice.
[8] https://github.com/aiortc/aioquic NOTIFY messages prompt a secondary to either send an SOA query or an
XFR request to the primary on the basis that a newer version of the
zone is available. It has long been recognized that NOTIFYs can be
forged and, in theory, used to cause a secondary to send repeated
unnecessary requests to the primary. For this reason, most
implementations have some form of throttling of the SOA/XFR queries
triggered by the receipt of one or more NOTIFYs.
[9] https://adguard.com/en/blog/dns-over-quic.html RFC9103 describes the privacy risks associated with both NOTIFY and
SOA queries and does not include addressing those risks within the
scope of encrypting zone transfers. Given this, the privacy benefit
of using DoQ for NOTIFY is not clear - but for the same reason,
sending NOTIFY as 0-RTT data has no privacy risk above that of
sending it using cleartext DNS.
Authors' Addresses Authors' Addresses
Christian Huitema Christian Huitema
Private Octopus Inc. Private Octopus Inc.
427 Golfcourse Rd 427 Golfcourse Rd
Friday Harbor WA 98250 Friday Harbor
U.S.A
Email: huitema@huitema.net Email: huitema@huitema.net
Sara Dickinson Sara Dickinson
Sinodun IT Sinodun IT
Oxford Science Park Oxford Science Park
Oxford OX4 4GA Oxford
U.K.
Email: sara@sinodun.com Email: sara@sinodun.com
Allison Mankin Allison Mankin
Salesforce Salesforce
Email: allison.mankin@gmail.com Email: allison.mankin@gmail.com
 End of changes. 84 change blocks. 
227 lines changed or deleted 493 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/