Hi,

I did a simple (and naive) benchmark of different DNS privacy
implementations available.

The benchmark measures the time needed to query the Alexa top 1000 via
"dig" (sequentially). OS is Linux (amd64, Core2Duo). Network is 100Mbit
FTTH.

DNS-over-TLS was done via the SurfNET DNS-over-TLS resolver.

dnsfwd is a UDP-to-TCP forwarder that keeps the TCP session open
<https://github.com/randomstuff/dnsfwd>

Unbound (1.6.0) opens a new TLS session for each query :(

The DNSCrypt resolver was randomly chosen by the software.

 Protocol/Software                      Time (Sec)  Privacy  DNSSEC 
--------------------------------------------------------------------
 Google DNS (UDP)                               64  --       +      
 DNS-over-TLS (dnsfwd+stunnel)                  67  ++       -      
 local Unbound w/o DNSSEC                      146  -        -      
 local Unbound w. DNSSEC                       163  -        +      
 DNS-over-DNSCrypt (ns0.dnscrypt.is)           243  ++       +      
 DNS-over-Tor                                  254  ++       -      
 DNS-over-TLS (Unbound+dnsfwd+stunnel)         258  ++       +      
 DNS-over-TLS (Unbound+stunnel)                444  ++       +      
 DNS-over-TLS (Unbound built-in TLS)           647  ++       +      

"Stubby" is missing; I am having issues getting it to work. I will update
this list once I've got "Stubby" working.

As I have this setup now, is there a working implementation that is
missing and should also be in the list?

DNS-over-QUIC?
DNS-over-HTTP(S)?

Best regards

Carsten Strotmann

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
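
The sequential "dig" measurement described in the mail above can be reproduced along these lines. This is an added example, not the author's script; the function name bench_resolver, the one-name-per-line list file, and the one-try/five-second timeout are assumptions.

```shell
#!/bin/sh
# Sequential DNS benchmark: resolve every name in a list through one resolver
# and report the wall-clock time, as in the table above.
# Assumptions (not from the original mail): list file has one name per line,
# blank lines and lines starting with '#' are ignored.

# bench_resolver SERVER PORT LISTFILE
# Prints one line: "<elapsed_seconds> <queries_sent> <queries_without_reply>"
# The body runs in a subshell so its variables do not leak into the caller.
bench_resolver() (
    server=$1
    port=$2
    list=$3
    sent=0
    failed=0

    start=$(date +%s)
    while IFS= read -r name || [ -n "$name" ]; do
        case $name in
            ''|'#'*) continue ;;   # skip blank lines and comments
        esac
        sent=$((sent + 1))
        # dig exits 0 for any reply (including NXDOMAIN) and non-zero when
        # no reply was received, so "failed" counts timeouts and an
        # unreachable resolver, not negative answers.
        if ! dig "@$server" -p "$port" +tries=1 +time=5 +short \
                "$name" A </dev/null >/dev/null 2>&1; then
            failed=$((failed + 1))
        fi
    done < "$list"
    end=$(date +%s)

    echo "$((end - start)) $sent $failed"
)

# Stand-alone use: ./bench.sh 127.0.0.1 53 top1000.txt
if [ "$#" -eq 3 ]; then
    bench_resolver "$@"
fi
```

Point SERVER and PORT at the local listener of each setup under test (forwarder, Unbound, DNSCrypt proxy). A second pass through a caching resolver is answered from its cache, so restart or flush it between runs if cold-cache numbers are wanted.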
