Every Web session involves a DNS resolution. While, in the last decade, we witnessed a promising trend towards an encrypted Web in general, DNS encryption has only recently gained traction with the standardisation of DNS over TLS (DoT) and DNS over HTTPS (DoH). Meanwhile, the rapid rise of QUIC deployment has opened up an exciting opportunity to use the same protocol to encrypt not only Web communications, but also DNS. In this paper, we evaluate the benefit of using QUIC to coalesce name resolution via DNS over QUIC (DoQ) and Web content delivery via HTTP/3 (H3) with 0-RTT. We compare this scenario against several possible combinations in which H3 is used in conjunction with DoH, DoQ, or unencrypted DNS over UDP (DoUDP). We observe that, when using H3 1-RTT, page load times with DoH are inflated by $>$30\% over fixed-line and by $>$50\% over mobile when compared to unencrypted DNS with DoUDP. However, this cost of encryption can be drastically reduced when the encrypted connections are coalesced (DoQ + H3 0-RTT), which lowers page load times by 1/3 over fixed-line and by 1/2 over mobile, overall making connection coalescing with QUIC the best of the evaluated options for encrypted communication on the Internet.