These all seem to show a broadly similar pattern in which DoH/DoT are marginally slower in fast settings. Where people have looked at slower settings, it seems like there is some evidence that

-Ekr

On Fri, Mar 20, 2020 at 10:58 AM Brian Dickson <[email protected]> wrote:
>
>
> On Fri, Mar 20, 2020 at 9:10 AM Ted Hardie <[email protected]> wrote:
>
>> On Fri, Mar 20, 2020 at 7:16 AM Ralf Weber <[email protected]> wrote:
>>
>>> Moin!
>>>
>>> If the hardware and the location of the client and server are
>>> identical it is impossible to get more throughput, better latency using
>>> DoT or DoH, than DNS over UDP/53 given two similarly written servers.
>>>
>>
>> Hi Ralf,
>>
>> A trivial example in which this is not true is in the case where one or
>> more routers in the network path maintain different queues for UDP and TCP
>> traffic. When this is the case, a robust queue for TCP and a meager one
>> for UDP can easily mean that the end-to-end performance for the client is
>> better for DoT (or DNS over TCP/53), simply because the loss on the UDP
>> path is high. This is especially true if you measure over a flight of
>> queries (say, all the DNS queries a web page needs to resolve) and DoT
>> keeps an open session for the whole flight. To put this another way,
>> if what you are measuring is the DNS component of page load time, DNS
>> timeouts for the lost UDP packets in a queue-starved path can kill the
>> performance.
>>
>> As Eric points out, we have to be careful to describe what we're
>> measuring here, and there are definitely different views of what we're
>> optimizing for.
>>
>
> What may have been overlooked and/or erroneously given too much weight, is
> the single report being used to compare performance.
> (I don't have the original report URI handy, but I'm sure many
> participants here do.)
>
> IIRC, the measurements were done exclusively from AWS locations, and
> further cherry-picked by AWS location.
>

I don't believe this is a single report. To my knowledge there are at least three separate measurements that have been taken here:

- The Hounsel et al. measurements which were taken from a single vantage point.
- The measurements by Böttger et al. published at IMC'19, which also appear to be from a single vantage point.
- The measurements we published which were taken from a sample of Firefox users

I believe there is also some new work using SamKnows but I don't think the results have been published yet.

These seem to all show roughly comparable results of DoH/DoT being slightly slower in fast settings. Both our results and Hounsel's suggest that in bad network conditions, DoH and DoT can be faster.

> IMNSHO, that report would be better characterized as anecdotal rather than
> statistically representative of the real world.
>
> I'm definitely not against productive discussions, but we should get good
> data first.
>
> An example of good data, are the experiments conducted by Geoff Huston and
> George Michaelson from APNIC.
>

Certainly the type of measurements conducted by APNIC are useful, but I don't believe that their techniques can actually measure this because they are unable to cleanly access the DNS API via an advertisement. However, our experimental design (sampling Fx users) offers a broadly similar type of measurement, and, as I said above, shows that DoH is slightly -- but not materially -- slower than the system resolver up to about the 80th percentile at which point DoH outperforms the system resolver [0].

-Ekr

[0] https://blog.nightly.mozilla.org/2018/08/28/firefox-nightly-secure-dns-experimental-results/
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
