V2.31

What's Changed

New Contributors

Full Changelog: v2.30...v2.31


This is a companion discussion topic for the original entry at https://github.com/privacyguides/privacyguides.org/releases/tag/v2.31

Suggestion: mention QUIC protocol support by NextDNS, Adguard and Control D in the DNS section. QUIC is more privacy friendly than DOH since DOH can be used to transfer metadata with unique identifiers and it's just as fast.

Does NextDNS support DoQ? I can’t find concrete evidence of this at a glance, the last information I found was that they don’t support the latest version of it.

I also am not sure there is a benefit to DoQ (or DoT) over DoH because they use easily blocked unique ports instead of port 443. DNS over HTTPS/3 seems more promising to me: What is DNS over TLS (DoT), DNS over Quic (DoQ) and DNS over HTTPS (DoH & DoH3)? - Getting Started - NextDNS Help Center

NextDNS supports QUIC.

proof: Imgur: The magic of the Internet

Yes it can be blocked, but DOH is not really privacy friendly. See Adguard’s section on this topic on their site:

Why not DNS-over-HTTPS

It gets more complicated here: at one point DNS-over-HTTPS will also support QUIC, thanks to the future employment of HTTP/3 protocol that was built around QUIC. And this raises more questions: why do we need DoQ at all in this case?

There are, in fact, several reasons, but they all stem from the single fact that HTTP is not a transport layer protocol. It was designed for different reasons, and while it can serve as a substitute for a proper transport protocol, this would raise a lot of unnecessary risks. Specifically in the privacy area, using HTTP to transfer DNS requests will lead to:

  • HTTP cookies
  • Other HTTP headers (Authentication, User-Agent, Accept-Language)
  • More fingerprinting opportunities for malefactors
  • Tracking using ETag

While all these problems can be accounted for on the client side at the DoH level, the clients themselves vary greatly: browsers, operating systems, all kinds of other software. It’s practically impossible to have a client-side solution for each and all of them.
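To make the point in the quoted AdGuard text concrete, here is an added example (not code from the forum post, AdGuard or NextDNS) that builds a minimal RFC 8484 DNS-over-HTTPS GET request and audits the outgoing headers for the tracking vectors listed above. The resolver host `dns.example` and path `/dns-query` are assumed placeholders; nothing is sent on the network.

```python
"""Minimal RFC 8484 DoH request builder plus a header audit for the
client-side tracking vectors (cookies, auth/UA/language headers, ETag).
Added example; everything is constructed offline."""
import base64
import struct

# Header names the quoted text identifies as tracking/fingerprinting vectors.
# If-None-Match is how a client echoes a server's ETag, so it is included.
TRACKING_HEADERS = {
    "cookie", "authorization", "user-agent", "accept-language",
    "etag", "if-none-match",
}


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Encode a wire-format DNS query (RFC 1035). The ID is 0, as RFC 8484
    recommends for DoH, so the message carries no per-request identifier."""
    # ID=0, flags=0x0100 (RD set), QDCOUNT=1, AN/NS/AR=0
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS=IN


def build_doh_request(name: str, host: str = "dns.example",
                      path: str = "/dns-query") -> dict:
    """GET form of DoH: base64url-encoded query without '=' padding, and only
    the single header the spec requires. Host/path are assumed placeholders."""
    wire = build_dns_query(name)
    dns_param = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return {
        "method": "GET",
        "url": f"https://{host}{path}?dns={dns_param}",
        "headers": {"Accept": "application/dns-message"},
    }


def audit_headers(headers: dict) -> list:
    """Return the (lower-cased) request headers that expose a tracking vector.
    An empty list means the request carries none of the listed identifiers."""
    return sorted(h.lower() for h in headers if h.lower() in TRACKING_HEADERS)


if __name__ == "__main__":
    req = build_doh_request("www.example.com")
    print(req["url"])
    print("leaky headers:", audit_headers(req["headers"]))
    # A browser-style request that reuses its normal HTTP stack would not be clean:
    browser_like = dict(req["headers"], Cookie="sid=abc", **{"User-Agent": "x"})
    print("leaky headers:", audit_headers(browser_like))
```

The `www.example.com` query produces the same `dns=` value RFC 8484 uses in its own GET example, which is a quick way to confirm the encoder is correct.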