Hi, I did a simple (and naive) benchmark of different DNS privacy implementations available.
The benchmark measures the time needed to query the Alexa top 1000 via "dig" (sequentially).

OS is Linux (amd64, Core2Duo). Network is 100Mbit FTTH.

DNS-over-TLS was done via the SurfNET DNS-over-TLS resolver.

dnsfwd is a UDP-to-TCP forwarder that keeps the TCP session open
<https://github.com/randomstuff/dnsfwd>

Unbound (1.6.0) opens a new TLS session for each query :(

The DNSCrypt resolver was randomly chosen by the software.

Protocol/Software                        Time (Sec)  Privacy  DNSSEC
--------------------------------------------------------------------
Google DNS (UDP)                              64       --       +
DNS-over-TLS (dnsfwd+stunnel)                 67       ++       -
local Unbound w/o DNSSEC                     146       -        -
local Unbound w. DNSSEC                      163       -        +
DNS-over-DNSCrypt (ns0.dnscrypt.is)          243       ++       +
DNS-over-Tor                                 254       ++       -
DNS-over-TLS (Unbound+dnsfwd+stunnel)        258       ++       +
DNS-over-TLS (Unbound+stunnel)               444       ++       +
DNS-over-TLS (Unbound built-in TLS)          647       ++       +

"Stubby" is missing; I am having issues getting it to work. I will update this list once I've got "Stubby" working.

As I have this setup now, is there a working implementation that is missing and should also be in the list? DNS-over-QUIC? DNS-over-HTTP(S)?

Best regards

Carsten Strotmann
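
Added example (not part of the original message and not dnsfwd's own code): DNS over TCP or TLS prefixes each message with a 2-byte length, which is what allows a forwarder to send many queries over one open session instead of setting up a new session per query. The sketch below frames three queries and reassembles them from a stream split at arbitrary boundaries; the names, query IDs and the 7-byte chunk size are constructed sample input.

```python
import struct

def build_query(name: str, qid: int, qtype: int = 1) -> bytes:
    """Encode a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(message: bytes) -> bytes:
    """Prefix a DNS message with its 2-byte big-endian length (TCP/TLS transport)."""
    if len(message) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(message)) + message

class Deframer:
    """Reassemble DNS messages from a byte stream with arbitrary segment boundaries."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, data: bytes) -> list:
        """Add received bytes; return every message that is now complete."""
        self._buf += data
        complete = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack_from("!H", self._buf)
            if len(self._buf) < 2 + length:
                break  # message body not fully received yet
            complete.append(bytes(self._buf[2:2 + length]))
            del self._buf[:2 + length]
        return complete

def demo() -> list:
    """Send three queries over one simulated stream; return the IDs recovered."""
    names = ["example.com", "example.net", "example.org"]  # constructed sample names
    stream = b"".join(frame(build_query(n, qid=i)) for i, n in enumerate(names, 1))
    deframer, messages = Deframer(), []
    for offset in range(0, len(stream), 7):  # 7-byte chunks mimic TCP segmentation
        messages += deframer.feed(stream[offset:offset + 7])
    return [struct.unpack_from("!H", m)[0] for m in messages]

if __name__ == "__main__":
    print(demo())
```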
