As the DNS-over-HTTPS (DoH) secured domain querying draft creeps towards standardisation, Mozilla has run a test to see if applying encryption brings too heavy a performance penalty.
One somewhat surprising outcome: for some queries, performance improved using DoH.
As Mozilla discusses here, run-of-the-mill DNS requests over DoH take a small performance hit.
However, the test team believes a six millisecond slowdown is acceptable, given that users get better security and privacy out of DoH.
The experiment found that from the billion DNS requests it gathered, “the slowest DNS transactions performed much better with the new DoH based system than the traditional one – sometimes hundreds of milliseconds better.”
[...] According to this paper, presented at Usenix earlier this month, interference with DNS is depressingly common.
That paper discovered 8.5 per cent of the networks the authors tested were intercepting DNS requests, and found a large number of networks using deprecated DNS software.
Mozilla's Patrick McManus (one of DoH's two authors) hypothesised two possible reasons for the speed-up.
[...] Another Mozilla developer, Daniel Stenberg, posted a list of DoH endpoints here. There are now three “big names” in the list, with PowerDNS launching its server last week.
(Score: 1, Interesting) by Anonymous Coward on Friday August 31 2018, @09:35AM
Yes, now only the certificate authorities can behave like the Stasi.