Add support for DNS-over-QUIC to systemd-resolved

[benoitjpnet]

Is your feature request related to a problem? Please describe. DNS-over-QUIC (DoQ) is not supported.

Describe the solution you'd like DoQ implemented.

The long-awaited DNS-over-QUIC protocol has finally graduated from a draft to being a real standard, RFC 9250.

Example of software compatible DoQ:

• AdGuardHome, can resolve DoQ and be a DoQ resolver.

The systemd version you checked that didn't have the feature you are asking for

251.2

Somehow related (especially discussions): #8639

[daiaji]

This means that HTTP/3 has also ushered in an official version?

[rhymeswithmogul]

This means that HTTP/3 has also ushered in an official version?

Sure did. RFC 9114 just got released.

[codewiz]

This is the HTTP/3 stack that was used to build DoH3 for Android last year: https://github.com/cloudflare/quiche

It's a solid, actively maintained, portable, secure codebase with a small library footprint (given the complexity of QUIC and H3), and I highly recommend it.

Quiche does not support legacy HTTP/1 and HTTP/2, but since those were TCP-based, there would be no advantage over DoT (in fact, they have higher protocol overhead).

[GreyXor]

However, DoQ is weak when considering the ability to circumvent nationwide Internet censorship. QUIC communication is heavily interfered in countries where the users need encrypted DNS the most.

[nikelborm]

Hi, any updates on this?