Re: [dns-privacy] some DNS privacy implementation benchmark

Carsten Strotmann <carsten@strotmann.de> Tue, 15 August 2017 15:13 UTC

Hello,

here is a follow-up benchmark test, same setup, but 1000 queries
collected from an office network replayed via "dig" (with duplicates and
all, so the cache is being used).

| Protocol                              | Time (Seconds)  | Privacy | DNSSEC |
|---------------------------------------+-----------------+---------+--------|
| DNS-over-TLS (Unbound+dnsfwd+stunnel) |              10 | ++      | +      |
| local Unbound with DNSSEC             |              11 | -       | +      |
| local Unbound without DNSSEC          |              11 | -       | -      |
| DNS-over-TLS (dnsfwd+stunnel)         |              21 | ++      | -      |
| DNS-over-TLS (Unbound+stunnel)        |              24 | ++      | +      |
| Google DNS (UDP)                      |              30 | --      | +      |
| DNS-over-TLS (Unbound built-in TLS)   |              40 | ++      | +      |
| DNS-over-DNSCrypt (ns0.dnscrypt.is)   |              81 | ++      | +      |
| DNS-over-Tor                          |             103 | ++      | -      |

Looks not too bad.

Carsten Strotmann
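
The replay method described in the message above, as an added example that is not part of the original post or the author's test harness: a query list is replayed through "dig" against one resolver and the wall time is reported, with failed lookups counted separately so a broken transport is not mistaken for a fast one. The input format (one "name type" pair per line), the function names, the DIG override variable and the dig options +tries=1 +time=5 are assumptions; the post does not state them.

```shell
#!/bin/sh
# Replay a query list against one resolver and report the elapsed wall time.
# Assumed input format: one "<qname> <qtype>" pair per line, duplicates kept
# so the resolver cache is exercised as it was by the original traffic.

DIG="${DIG:-dig}"   # client binary; overridable for an offline dry run

# sample_queries: prints a constructed query list (not the office capture).
sample_queries() {
    cat <<'EOF'
# constructed sample input
example.org A
example.org AAAA
example.org A
ietf.org MX
EOF
}

# replay_queries FILE SERVER PORT
# Prints "total=N failed=M seconds=S".
replay_queries() {
    file=$1
    server=$2
    port=$3
    total=0
    failed=0
    start=$(date +%s)
    while read -r qname qtype; do
        # Skip blank lines and comments.
        case "$qname" in ''|'#'*) continue ;; esac
        total=$((total + 1))
        # One attempt with a 5 s timeout: dig exits non-zero when no reply
        # arrives, so an unreachable forwarder is counted as a failure.
        "$DIG" "@$server" -p "$port" "$qname" "${qtype:-A}" \
            +tries=1 +time=5 >/dev/null 2>&1 </dev/null \
            || failed=$((failed + 1))
    done < "$file"
    end=$(date +%s)
    echo "total=$total failed=$failed seconds=$((end - start))"
}

# Usage: ./replay.sh queries.txt [server] [port]
if [ "$#" -ge 1 ]; then
    replay_queries "$1" "${2:-127.0.0.1}" "${3:-53}"
fi
```

Run it once per row of the table, pointing server and port at the local listener of the setup under test, and restart the resolver between runs if a cold cache is wanted.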