
SoylentNews is people

posted by martyb on Friday August 31 2018, @09:17AM
from the gotta-love-the-initialism dept.

As the DNS-over-HTTPS (DoH) secured domain querying draft creeps towards standardisation, Mozilla has run a test to see if applying encryption brings too heavy a performance penalty.

One somewhat-surprising outcome: for some queries, performance improved using DoH.

As Mozilla discusses here, run-of-the-mill DNS requests over DoH take a small performance hit.

However, the test team believes a six millisecond slowdown is acceptable, given that users get better security and privacy out of DoH.

The experiment found that from the billion DNS requests it gathered, “the slowest DNS transactions performed much better with the new DoH based system than the traditional one – sometimes hundreds of milliseconds better.”

[...] According to this paper, presented at Usenix earlier this month, interference with DNS is depressingly common.

That paper discovered 8.5 per cent of the networks the authors tested were intercepting DNS requests, and found a large number of networks using deprecated DNS software. Mozilla's Patrick McManus (one of DoH's two authors) hypothesised two possible reasons for the speed-up.

[...] Another Mozilla developer, Daniel Stenberg, posted a list of DoH endpoints here. There are now three “big names” in the list, with PowerDNS launching its server last week.


  • (Score: 0) by Anonymous Coward on Friday August 31 2018, @10:12AM (#728691)

    Though there appears to be a performance hit in most cases, remember that it will only be once during the TTL of the local DNS entry. After that you'll be using your local DNS cache (until the TTL expires).