DOI: 10.1145/3487552.3487849

Measuring DNS-over-HTTPS performance around the world

Published: 02 November 2021

Abstract

In recent years, DNS-over-HTTPS (DoH) has gained significant traction as a privacy-preserving alternative to unencrypted DNS. While several studies have measured DoH performance relative to traditional DNS and other encrypted DNS schemes, they are often incomplete, either conducting measurements from single countries or being unable to compare encrypted DNS to default client behavior. To expand on existing research, we use the BrightData proxy network to gather a dataset consisting of 22,052 unique clients across 224 countries and territories. Our data shows that the performance impact of a switch to DoH is mixed, with a median slowdown of 65ms per query across a 10-query connection, but with 28% of clients receiving a speedup over that same interval. We compare four public DoH providers, noting that Cloudflare excels in both DoH resolution time (265ms) and global points-of-presence (146). Furthermore, we analyze geographic differences between DoH and Do53 resolution times, and provide analysis on possible causes, finding that clients from countries with low Internet infrastructure investment are almost twice as likely to experience a slowdown when switching to DoH as those with high Internet infrastructure investment. We conclude with possible improvements to the DoH ecosystem. We hope that our findings can help to inform continuing DoH deployments.



      Published In

      IMC '21: Proceedings of the 21st ACM Internet Measurement Conference
      November 2021
      768 pages
      ISBN:9781450391290
      DOI:10.1145/3487552

      Sponsors

      In-Cooperation

      • USENIX Assoc: USENIX Assoc

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Qualifiers

      • Research-article

      Conference

      IMC '21
      IMC '21: ACM Internet Measurement Conference
      November 2 - 4, 2021
      Virtual Event

      Acceptance Rates

      Overall Acceptance Rate 277 of 1,083 submissions, 26%
