…done either by padding individual DNS messages using the EDNS(0) Padding Option [RFC7830] or by padding QUIC packets (see Section 19.1 of [RFC9000]). In theory, padding at the QUIC packet level could result in better performance for the equivalent protection, because the amount of…
…EDNS0 option in the query. Specifically, a DoT server SHOULD use EDNS0 padding [RFC7830] if possible, and a DoQ server SHOULD follow the guidance in Section 5.4 of [RFC9250]. How much to pad is out of scope of this document, but a reasonable suggestion can be found in [RFC8467]. …
…adding (see Section 10.7 of [RFC7540]). DoH servers can also add DNS padding [RFC7830] if the DoH client requests it in the DNS query. An experimental effort to offer guidance on choosing the padding length can be found in [RFC8467]. The HTTPS connection provides transport s…
…r equal to the DNS response size + DTLS overhead of 13 octets + padding size ([RFC7830]) + authentication overhead of the negotiated DTLS cipher suite + block padding (Section 4.1.1.1 of [RFC6347]). If the DNS server's response were to exceed that calculated value, the server…
…r the use of a padding method to address privacy leakage due to message sizes [RFC7830]. Since traffic analysis can be based on many kinds of patterns and many kinds of classifiers, simple padding schemes alone might not be sufficient to mitigate such an attack. Padding will, h…