SYNERGY OF SECURITY AND PERFORMANCE: OPTIMIZATION OF DNS RESOLUTION USING HTTPS-DNS, DNS-OVER-HTTPS, ECH AND HTTP/3

DOI: 10.31673/2409-7292.2025.019877

Authors

  • О. Ю. Павлюк (Pavlyuk O. Yu.), Information Security Department, Lviv Polytechnic National University
  • О. А. Нємкова (Nemkova O. A.), Information Security Department, Lviv Polytechnic National University

Abstract

The article discusses the optimization of DNS resolution in the context of growing cyber threats and increased requirements for the speed of Internet connections. The vulnerabilities of traditional DNS are analyzed, in particular the risks of interception and manipulation of requests and their dependence on unencrypted communication channels, which creates a threat of data compromise. Modern approaches to improving the security and efficiency of DNS resolution are presented, in particular the use of the latest technologies, such as DNS-over-HTTPS (DoH), HTTPS DNS records (type 65), Encrypted Client Hello (ECH), QUIC and HTTP/3. Since these technologies are not interchangeable, significant optimization of DNS resolution requires using them in combination, so that they complement each other: DoH provides secure transmission of DNS requests, HTTPS DNS records accelerate resolution, ECH hides connection metadata, and QUIC and HTTP/3 significantly reduce latency and improve data transfer efficiency. The article describes their synergy, which provides encryption of requests, minimizes delays, increases user privacy and circumvents restrictions imposed by Internet providers. Particular attention is paid to the impact of these technologies on the performance of web resources, on reducing the load on DNS servers and on ensuring reliable connections even in networks with high delays. Examples of client requests are given in the form of diagrams comparing traditional and optimized DNS resolution, demonstrating the advantages of implementing the latest protocols. The prospects for further development of these technologies and their potential impact on creating a safer, faster and more efficient Internet environment are outlined.
Keywords: DNS resolving, DNS-over-HTTPS, QUIC, HTTP/3, Server Name Indication, encryption, privacy, security.

Published

2025-05-09

Section

Articles