huitema
commented
3 years ago DNS queries are short. It is very often possible to pack several DNS queries in a single datagram. Padding at the DNS level would go in the way of that.
Then there is the case in which a query is carried in a stream, and the stream is sent over several datagrams. That can easily happen if the DNS application queues a bunch of queries -- there might not be enough bytes left after packing N streams in a packet to also pack the entirety of stream N+1.
Te basic point is that the observers will see the size of the QUIC packets, not the size of the DNS queries. That's pretty much why we want the padding protection applied at the QUIC level.
The properties of padding using QUIC PADDING frames and padding of DNS messages are greatly different. If the choice to recommend use of QUIC padding is deliberate, the draft should talk about why that is the right choice, because it is not obviously so. It should also then talk about the shortcomings of that sort of approach, particularly as it relates to how packet loss can affect the efficacy of padding.