
On Cross-Layer Interactions of QUIC, Encrypted DNS and HTTP/3: Design, Evaluation and Dataset

Jayasree Sengupta, Mike Kosek, Justus Fries, Simone Ferlin, Pratyush Dikshit, Vaibhav Bajpai

TL;DR

This work addresses how cross-layer design choices among QUIC, DNS (DoT/DoH/DoQ), and HTTP/3 affect Web performance and privacy. It introduces a measurement framework that emulates edge-network conditions to compare DoUDP, DoH, and DoQ under 0-RTT and 1-RTT HTTP/3 handshakes, with a focus on coalescing DNS and HTTP traffic over a single QUIC connection. Key findings show that DoH incurs noticeable page-load inflation relative to unencrypted DNS, while coalescing DoQ and HTTP/3 with 0-RTT can reduce page load times by roughly 33% on fixed-line and 50% on mobile, making QUIC connection coalescing the preferable encrypted option. The study provides a detailed, reproducible methodology and website-category analysis, and discusses privacy, trust, and infrastructure considerations for future Internet deployments. Overall, the results support adopting QUIC-based connection coalescing as a practical path to faster, more private Web access, while highlighting trade-offs in centralized DNS trust and privacy governance.

Abstract

Every Web session involves a DNS resolution. While, in the last decade, we witnessed a promising trend towards an encrypted Web in general, DNS encryption has only recently gained traction with the standardisation of DNS over TLS (DoT) and DNS over HTTPS (DoH). Meanwhile, the rapid rise of QUIC deployment has now opened up an exciting opportunity to utilise the same protocol to not only encrypt Web communications, but also DNS. In this paper, we evaluate this benefit of using QUIC to coalesce name resolution via DNS over QUIC (DoQ), and Web content delivery via HTTP/3 (H3) with 0-RTT. We compare this scenario using several possible combinations where H3 is used in conjunction with DoH and DoQ, as well as the unencrypted DNS over UDP (DoUDP). We observe that when using H3 1-RTT, page load times with DoH can get inflated by >30% over fixed-line and by >50% over mobile when compared to unencrypted DNS with DoUDP. However, this cost of encryption can be drastically reduced when encrypted connections are coalesced (DoQ + H3 0-RTT), thereby reducing the page load times by 1/3 over fixed-line and 1/2 over mobile, overall making connection coalescing with QUIC the best option for encrypted communication on the Internet.

Paper Structure (16 sections, 12 figures, 2 tables)

This paper contains 16 sections, 12 figures, 2 tables.

Figures (12)

  • Figure 1: Web Browsing over different unencrypted and encrypted DNS protocols using both H3 0-RTT and H3 1-RTT combinations.
  • Figure 2: Measurement setup used to evaluate QUIC connection coalescing using DoQ + H3 0-RTT. The setup automates DNS resolution and Web browsing while emulating network conditions, such as delay and bandwidth of a user at the edge.
  • Figure 3: CDF of the QUIC handshake connect duration H3 for 1-RTT and 0-RTT, as well as DoQ 1-RTT for all scenarios. The values are normalized by the delay that was applied during the measurement to show how these metrics scale with round-trips.
  • Figure 4: CDF of the QUIC handshake connect duration H3 for 1-RTT and 0-RTT, as well as DoQ 1-RTT. For fiber, the difference between HTTP 0-RTT and 1-RTT is large because the RTT is relatively low and thus the processing delay has a higher share. For 4G, the difference between 0-RTT and 1-RTT is small compared to other access technologies because the processing delay is small in proportion to the RTT.
  • Figure 5: CDF of DNS exchange duration in multiples of round trip times for all scenarios. Only DoUDP scales with the number of expected round-trips.