SecurityWeek

Data Protection

Google Introduces DNS-over-HTTP/3 in Android

Google this week announced the rollout of DNS-over-HTTP/3 (DoH3) for Android 11 and newer devices.

An encrypted DNS protocol, DoH3 is expected to provide performance and safety improvements compared to alternatives, mainly through the QUIC transport layer network protocol.

By default, DNS lookups are not private even when the connection that follows them is encrypted: the base DNS protocol sends queries and answers in cleartext over UDP or TCP port 53, so anyone on the path (a coffee-shop hotspot, an ISP, a compromised router) can read and tamper with them before a TLS session is ever established. That gap has been addressed by encrypted-transport solutions such as DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH).

Support for DoT was introduced in Android 9, but Google says that the protocol incurs overhead on every DNS request: DoT runs over TCP and TLS, so each new connection pays a TCP handshake plus a TLS handshake before the first query can be sent, and all queries multiplexed on that connection are subject to its head-of-line blocking. DoH enjoys wide adoption and has already been deployed by numerous public DNS operators, but as commonly deployed it runs over HTTP/2, which uses the same TCP-plus-TLS stack, so it does not reduce that overhead, the internet giant says.

DoH3, which should provide both performance and safety improvements courtesy of its use of QUIC, has been rolled out as part of a Google Play system update and will replace the use of DoT for well-known DNS servers that already support it.

“Which DNS service you are using is unaffected by this change; only the transport will be upgraded. In the future, we aim to support DDR which will allow us to dynamically select the correct configuration for any server. This feature should decrease the performance impact of encrypted DNS,” Google says.
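The point that "only the transport will be upgraded" is easiest to see in the bytes. The following added example (written for this page, not Google's or Android's code) builds an RFC 1035 wire-format query, wraps it in the two RFC 8484 DoH request forms (base64url `?dns=` GET and `application/dns-message` POST), and parses a constructed reply. The same query bytes that travel in cleartext over port 53 are what DoT, DoH and DoH3 carry inside their encrypted channel; the example stops at the HTTP layer and does no QUIC or network I/O. The resolver URI template `https://dns.example.net/dns-query` and the reply are constructed for illustration, not captured from any real service.

```python
import base64
import struct

QTYPE_A = 1  # RFC 1035 A record


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels: length byte, label bytes, NUL root."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A, msg_id: int = 0) -> bytes:
    """RFC 1035 wire-format query: 12-byte header plus one question.
    These exact bytes are what Do53, DoT, DoH and DoH3 all carry; only the
    transport around them changes. RFC 8484 recommends ID 0 for DoH so that
    identical queries produce identical, cache-friendly HTTP requests."""
    flags = 0x0100  # QR=0 (query), RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(template: str, query: bytes) -> str:
    """RFC 8484 GET form: the message base64url-encoded, padding stripped,
    in the `dns` query parameter of the resolver's URI template."""
    token = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{template}?dns={token}"


def decode_dns_param(token: str) -> bytes:
    """Server side of the GET form: restore the stripped padding and decode."""
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))


def doh_post_request(query: bytes) -> dict:
    """RFC 8484 POST form: the raw message as the body, typed application/dns-message."""
    return {"headers": {"content-type": "application/dns-message",
                        "accept": "application/dns-message"},
            "body": query}


def _read_name(msg: bytes, off: int) -> tuple:
    """Decode a possibly compressed name (RFC 1035 4.1.4 pointers);
    return (name, offset just past it in the original stream)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte pointer into an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes) -> dict:
    """Parse a DNS response message into its question and answer sections."""
    msg_id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = _read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        data = ".".join(str(b) for b in rdata) if rtype == QTYPE_A and rdlen == 4 else rdata.hex()
        answers.append({"name": name, "type": rtype, "ttl": ttl, "data": data})
    return {"id": msg_id, "rcode": flags & 0xF, "questions": questions, "answers": answers}


def constructed_response(query: bytes, ip: str, ttl: int = 300) -> bytes:
    """Constructed sample reply (not captured traffic): echo the question, then one
    A record whose owner name is a pointer to offset 12, the question name."""
    msg_id = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", msg_id, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, 1, ttl, 4)
    rr += bytes(int(octet) for octet in ip.split("."))
    return header + query[12:] + rr


if __name__ == "__main__":
    q = build_query("example.com")
    print("cleartext Do53 payload:", q.hex())
    # hypothetical resolver URI template; dns.example.net is not a real service
    print("DoH GET:", doh_get_url("https://dns.example.net/dns-query", q))
    print(parse_response(constructed_response(q, "192.0.2.1")))
```

Run stand-alone it prints the raw query an on-path observer would see over port 53, the equivalent DoH GET URL, and the parsed constructed answer. The upgrade from DoH to DoH3 changes nothing in this code: the same GET or POST request is sent over HTTP/3 on QUIC instead of HTTP/2 on TCP and TLS, which is exactly why the choice of DNS service is unaffected.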

Google also notes that QUIC can resume a previous session with a shortened handshake and, through connection migration, keep an existing connection alive when the device's address changes, which is useful when a mobile device moves between Wi-Fi and cellular networks. It adds that DoH3 may even outperform traditional DNS on unreliable networks: plain UDP DNS can only recover from a lost packet by waiting for a resolver timeout and retrying, whereas QUIC detects and retransmits lost packets itself.

“Field measurements during the initial limited rollout of this feature show that DoH3 significantly improves on DoT’s performance. For successful queries, our studies showed that replacing DoT with DoH3 reduces median query time by 24%, and 95th percentile query time by 44%,” the internet giant says.


DoH3 in Android, the company adds, is implemented in Rust, which Android now supports as a platform language; Rust's memory safety rules out the buffer overflows and use-after-free bugs that a new network-protocol parser written in C or C++ would otherwise expose to attacker-controlled input.

Google also explains that Android's DoH3 implementation is built on quiche, Cloudflare's Rust QUIC and HTTP/3 library, chosen for its “memory-safe implementation, few dependencies, and a small code size.”

“With the introduction of Rust, we are able to improve both security and the performance at the same time. Likewise, QUIC allows us to improve network performance and privacy simultaneously. Finally, Mainline ensures that such improvements are able to make their way to more Android users sooner,” the internet giant says.

Related: Google Secures Public DNS Queries With DNS-over-TLS

Related: DoH Makes It Difficult to Track Botnets: Spamhaus

Related: Google Patches Critical Android Vulnerabilities With June 2022 Updates

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
