Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

John Heidemann <> Fri, 02 April 2021 04:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 752613A30D6 for <>; Thu, 1 Apr 2021 21:23:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 8unO0eX4WXMW for <>; Thu, 1 Apr 2021 21:23:50 -0700 (PDT)
Received: from ( [IPv6:2001:1878:401::8009:1c09]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9CD083A30D5 for <>; Thu, 1 Apr 2021 21:23:50 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 3AAD4A04B3; Thu, 1 Apr 2021 21:23:48 -0700 (PDT)
Received: from (localhost6.localdomain6 [IPv6:::1]) by (Postfix) with ESMTP id 7AA82440064; Thu, 1 Apr 2021 21:23:47 -0700 (PDT)
From: John Heidemann <>
To: Tomas Krizek <>
cc: Rob Sayre <>, Bill Woodcock <>, "" <>
In-reply-to: <>
References: <> <> <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Date: Thu, 01 Apr 2021 21:23:47 -0700
Message-ID: <>
Archived-At: <>
Subject: Re: [dns-privacy] Root Server Operators Statement on DNS Encryption
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 02 Apr 2021 04:23:55 -0000

On Thu, 01 Apr 2021 11:59:26 +0200, Tomas Krizek wrote: 
>On 31/03/2021 23.28, Rob Sayre wrote:
>> On Wed, Mar 31, 2021 at 2:16 PM Bill Woodcock <> wrote:
>>> …and it’s measuring latency rather than server-side load.  I just checked
>>> with our engineers, and it sounds like the server load per-query is more
>>> like 3x-5x higher for the encrypted queries.
>> Plenty of folks have evaluated the costs here. I'd prefer to discuss data
>> rather than "checking with engineers". It's not really reasonable to
>> measure "server load per-query" without a bunch of other data on how the
>> TLS sessions are being created and maintained.
>> So, if you have some data you'd like to share with the list, that would 
>> most welcome.
>We've done some measurements comparing the server-load overhead of DoT
>and DoH and while the exact results vary greatly with the client
>behaviour, connection management and other parameters, I think 3x-5x
>server-load overhead (compared to UDP) is a reasonable expectation. [1]

We've published results of server-side CPU and memory at

Liang Zhu and John Heidemann.
  LDplayer: DNS Experimentation at Scale.
  In _Proceedings of the ACM Internet Measurement Conference_, Boston, Massachusetts, USA, ACM.
  October, 2018.
  <>, <>.
Including replay of root DNS traffic (DITL) with it's current mix of UDP
and TCP and all-TLS.

We found (DNS over) UDP and TLS took about the same CPU on our hardware,
and pure TCP (without TLS) was actually lower CPU than UDP.  See Figure
11 and section 5.2.3 in the paper.

(Our code and data is available if you want to reproduce our experiments
on your hardware.)

IMHO, a bigger operational concern than CPU is actually memory---it's
easy to burn through a lot of RAM with TCP and TLS state---see section
5.2.2 and figures 13 and 14 in the paper.  It depends a lot on the TCP
and TLS timeout you use.  Fortunately it's less than 24GB at steady
state, which is not a problem for today's hardware.  (Although the
server should be prepared to early-terminate connections if it's under
memory pressure.)

Our experiments assume well configured clients and servers.  Although
not so important for load, optimizations make a huge difference
difference for latency.  Options like TCP fast open and TLS connection
resumption get some of the improvements in QUIC, but over TCP (see
<> for the details).  I
hope people evaluating DNS over QUIC compare against best-configured TCP
and not just basic TCP without optimizations.

   -John Heidemann