DNS over HTTPS (DoH): A Deep Dive into Versions 1.1 and 1.3

DNS over HTTPS (DoH) is a protocol that encrypts DNS queries and responses using HTTPS. This enhances privacy and security by preventing eavesdropping and manipulation of DNS traffic. While the underlying principle remains consistent, the implementation details, particularly concerning the HTTPS protocol version used (HTTP/1.1 vs. HTTP/1.3), can impact performance and efficiency. This article delves into the nuances of DoH with a focus on HTTP/1.1 and HTTP/1.3.

HTTP/1.1 and DoH

HTTP/1.1 has been the prevalent version of HTTP for many years, and its use with DoH is well-established. When using HTTP/1.1 for DoH, each DNS query and response is typically transmitted as a separate HTTP request and response. This can lead to a higher overhead, especially for multiple simultaneous queries, due to the persistent connection limitations of HTTP/1.1.

Limitations of HTTP/1.1 in DoH:

• Head-of-line blocking: If one request is slow, subsequent requests are blocked until it completes.
• Increased latency: The overhead of multiple TCP connections can increase overall latency.
• Higher bandwidth consumption: More headers and extra bytes are transmitted compared to HTTP/1.3.

HTTP/1.3 and DoH

HTTP/1.3 significantly improves upon HTTP/1.1 by addressing many of its shortcomings. Key improvements relevant to DoH include:

• Multiple requests in a single connection: HTTP/1.3 allows for pipelining multiple requests over a single TCP connection, reducing latency.
• Head-of-line blocking mitigation: Pipelining minimizes the impact of head-of-line blocking.
• HTTP/2-like header compression: While not as sophisticated as HTTP/2's header compression, HTTP/1.3 offers improvements over HTTP/1.1, reducing data overhead.
• Improved connection management: Features like connection reuse and more efficient handling of connections contribute to reduced latency and better performance.

Benefits of HTTP/1.3 in DoH:

• Faster query resolution: Pipelining and reduced overhead lead to faster DNS lookups.
• Reduced latency: Fewer TCP connections and improved connection management minimize latency.
• Improved efficiency: Less data is transmitted, resulting in lower bandwidth consumption.
• Enhanced scalability: Better handling of multiple simultaneous queries improves scalability.

Performance Comparison

In practice, the performance difference between DoH over HTTP/1.1 and HTTP/1.3 can be significant, especially in scenarios with multiple simultaneous DNS queries or high latency networks. While the exact performance gains depend on various factors (network conditions, server load, client implementation), HTTP/1.3 consistently outperforms HTTP/1.1 in DoH for most use cases.

Note: While HTTP/1.3 offers significant advantages, not all DoH resolvers support it. Compatibility is a crucial factor to consider when selecting a DoH provider.

Choosing the Right Version

The ideal choice between HTTP/1.1 and HTTP/1.3 for DoH depends on several factors:

• Resolver support: Ensure that your chosen DNS resolver supports HTTP/1.3.
• Client compatibility: Your operating system and browser should support HTTP/1.3.
• Network conditions: In high-latency environments, the benefits of HTTP/1.3 are amplified.
• Performance requirements: If fast query resolution is crucial, HTTP/1.3 is generally preferable.

In summary, while both HTTP/1.1 and HTTP/1.3 can be used with DoH, HTTP/1.3 provides substantial performance improvements due to its enhanced features. When possible, leveraging HTTP/1.3 with DoH results in a faster, more efficient, and more scalable DNS resolution experience.