Android supports DNS encryption technology 'DNS-over-HTTP/3'



Android now supports the DNS encryption technology 'DNS-over-HTTP/3'. Compared with 'DNS-over-TLS', the encryption technology Android has supported so far, it enables stable connections with low latency.

Google Online Security Blog: DNS-over-HTTP/3 in Android
https://security.googleblog.com/2022/07/dns-over-http3-in-android.html

Websites are assigned an 'IP address' that corresponds to an address on the Internet. For example, 'google.com' is assigned the IP address '142.250.207.110', and you can access the top page of Google by entering '142.250.207.110' in the address bar of your browser. However, a string of numbers such as '142.250.207.110' is very difficult to remember and is inconvenient for humans. Therefore, there is a mechanism called 'DNS' that converts a relatively easy-to-remember domain name such as 'google.com' into an IP address such as '142.250.207.110'.

However, communication between the user and the DNS server is unencrypted plain text, so the information about which domain you are trying to access is exposed to an attacker. Therefore, technologies such as 'DNS-over-TLS' and 'DNS-over-HTTPS' that encrypt the communication between the user and DNS have been developed. You can find out more about DNS encryption technology in the following article:

What is the battle for supremacy of 'DNS encryption method'? - GIGAZINE



Android has supported DNS encryption by 'DNS-over-TLS' for a long time, and Google has now announced new support for 'DNS-over-HTTP/3', a DNS encryption technology that uses HTTP/3. According to Google, 'DNS-over-HTTP/3' works more efficiently than 'DNS-over-TLS'. The merits of 'DNS-over-HTTP/3' mentioned by Google are as follows.

- Since 'DNS-over-TLS' responded to multiple requests one by one, there was a problem that subsequent requests would be blocked if there was a request that took a long time to respond. 'DNS-over-HTTP/3' allows the server to respond to each request in no particular order.

- For mobile devices such as smartphones, the network to connect to changes frequently as the user moves. 'DNS-over-TLS' required negotiation every time the network was switched, but 'DNS-over-HTTP/3' does not require renegotiation.

- In 'DNS-over-TLS', the lifetime of a connection may be shortened by network disconnections and by the server's TCP connection management. For this reason, 'DNS-over-HTTP/3' may be more advantageous on unreliable networks.
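The blocking described in the first point above can be seen in a small model. This is an added example, not code from Google or from the original article; the query timings are constructed and the function names are hypothetical.

```python
from statistics import median

# Each query is (sent_at_ms, resolve_ms): when the client sent it and how
# long the resolver needs to answer it. Constructed sample, not measured data:
# the second query is slow, the ones right behind it are fast.
SAMPLE = [(0, 20), (5, 400), (10, 15), (15, 25), (20, 10), (500, 30)]


def in_order_completion(queries):
    """Answers come back strictly in request order, the 'DNS-over-TLS'
    behaviour the article describes: no query can complete before the
    query ahead of it on the same connection."""
    done, previous = [], 0
    for sent_at, resolve_ms in queries:
        previous = max(previous, sent_at + resolve_ms)
        done.append(previous)
    return done


def independent_completion(queries):
    """Every query is answered as soon as it is resolved, as when each
    request travels on its own stream ('DNS-over-HTTP/3')."""
    return [sent_at + resolve_ms for sent_at, resolve_ms in queries]


def latencies(queries, completion):
    """Time each query waited from being sent until its answer arrived."""
    return [done - sent for (sent, _), done in zip(queries, completion(queries))]


def median_latency(queries, completion):
    return median(latencies(queries, completion))


def blocked_queries(queries):
    """Indexes of queries that were ready but had to wait behind a slower one."""
    ordered = latencies(queries, in_order_completion)
    free = latencies(queries, independent_completion)
    return [i for i, (a, b) in enumerate(zip(ordered, free)) if a > b]


if __name__ == "__main__":
    print("in-order latencies   :", latencies(SAMPLE, in_order_completion))
    print("independent latencies:", latencies(SAMPLE, independent_completion))
    print("median in-order      :", median_latency(SAMPLE, in_order_completion))
    print("median independent   :", median_latency(SAMPLE, independent_completion))
    print("blocked query indexes:", blocked_queries(SAMPLE))
```

In this constructed sample a single slow lookup delays the three fast ones queued behind it, which is what pushes the in-order median far above the independent one.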

The graph below shows the time required to complete queries over 'DNS-over-TLS' (top) and 'DNS-over-HTTP/3' (middle). The median time required to complete a query (light blue) is 24% shorter for 'DNS-over-HTTP/3' than for 'DNS-over-TLS', and even at the 95th percentile, 'DNS-over-HTTP/3' is 44% shorter.



'DNS-over-HTTP/3' is provided as an update of Android system components and is available on devices that already have Android 11 or later installed.

in Mobile,   Web Service, Posted by log1o_hf