I did a simple (and naive) benchmark of different DNS privacy
implementations available.

The benchmark measures the time needed to query the Alexa top 1000 via
"dig" (sequentially). OS is Linux (amd64, Core2Duo). Network is 100Mbit.

DNS-over-TLS was done via the SurfNET DNS-over-TLS resolver.

dnsfwd is a UDP-to-TCP forwarder that keeps the TCP session open.

Unbound (1.6.0) opens a new TLS session for each query :(

The DNSCrypt resolver was randomly chosen by the software.

 Protocol/Software                      Time (Sec)  Privacy  DNSSEC 
 Google DNS (UDP)                               64  --       +      
 DNS-over-TLS (dnsfwd+stunnel)                  67  ++       -      
 local Unbound w/o DNSSEC                      146  -        -      
 local Unbound w. DNSSEC                       163  -        +      
 DNS-over-DNSCrypt (ns0.dnscrypt.is)           243  ++       +      
 DNS-over-Tor                                  254  ++       -      
 DNS-over-TLS (Unbound+dnsfwd+stunnel)         258  ++       +      
 DNS-over-TLS (Unbound+stunnel)                444  ++       +      
 DNS-over-TLS (Unbound built-in TLS)           647  ++       +      

"Stubby" is missing; I am having issues getting it to work. I will update
this list once I've got "Stubby" working.

As I have this setup now, is there a working implementation that is
missing and should also be in the list?


Best regards

Carsten Strotmann

dns-privacy mailing list