[dns-privacy] some DNS privacy implementation benchmark
Carsten Strotmann <carsten@strotmann.de> Sat, 12 August 2017 20:49 UTC
Hi,

I did a simple (and naive) benchmark of different DNS privacy implementations available. The benchmark measures the time needed to query the Alexa top 1000 via "dig" (sequentially).

OS is Linux (amd64, Core2Duo). Network is 100Mbit FTTH.

DNS-over-TLS was done via the SurfNET DNS-over-TLS resolver.

dnsfwd is a UDP-to-TCP forwarder that keeps the TCP session open <https://github.com/randomstuff/dnsfwd>

Unbound (1.6.0) opens a new TLS session for each query :(

The DNSCrypt resolver was randomly chosen by the software.

Protocol/Software                        Time (Sec)  Privacy  DNSSEC
--------------------------------------------------------------------
Google DNS (UDP)                                 64    --       +
DNS-over-TLS (dnsfwd+stunnel)                    67    ++       -
local Unbound w/o DNSSEC                        146    -        -
local Unbound w. DNSSEC                         163    -        +
DNS-over-DNSCrypt (ns0.dnscrypt.is)             243    ++       +
DNS-over-Tor                                    254    ++       -
DNS-over-TLS (Unbound+dnsfwd+stunnel)           258    ++       +
DNS-over-TLS (Unbound+stunnel)                  444    ++       +
DNS-over-TLS (Unbound built-in TLS)             647    ++       +

"Stubby" is missing, I am having issues getting it to work, I will update this list once I've got "Stubby" working.

As I have this setup now, is there a working implementation that is missing and should also be in the list? DNS-over-QUIC? DNS-over-HTTP(S)?

Best regards

Carsten Strotmann
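
The measurement method described in the message above (sequential "dig" lookups of a name list, timed in seconds), as an added example that is not the author's script. The names `bench` and `DIG` and the one-name-per-line list file are assumptions; the example also counts unanswered queries, which the message does not mention.

```shell
#!/bin/sh
# Added example (not the author's script): time sequential dig lookups of a
# name list against one resolver or local forwarder.
# Assumptions: bench(), DIG and the list-file format are hypothetical names.

DIG=${DIG:-dig}   # can be pointed at a stub to exercise the loop offline

# bench SERVER PORT LISTFILE  ->  prints "elapsed_seconds answered failed"
bench() {
    server=$1 port=$2 list=$3
    answered=0 failed=0
    start=$(date +%s)
    while IFS= read -r name; do
        # skip blank lines and comment lines in the name list
        case $name in ''|'#'*) continue ;; esac
        # One try with a 5 s timeout: dig exits non-zero when no reply
        # arrives, so dropped queries are counted separately instead of
        # only showing up as extra elapsed time.
        if "$DIG" +tries=1 +time=5 -p "$port" "@$server" "$name" A \
               </dev/null >/dev/null 2>&1
        then answered=$((answered + 1))
        else failed=$((failed + 1))
        fi
    done < "$list"
    end=$(date +%s)
    echo "$((end - start)) $answered $failed"
}

# Usage (constructed values): bench 127.0.0.1 53 top1000.txt
```

Comparing setups means running the same list against each listener in turn; a non-zero failed count indicates the elapsed time includes timeouts rather than only resolver latency.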