High DoH resolution latency

Jeff_Loughridge
10 mths ago
5replies

My DoH resolution latency is consistently ~ 500 ms despite relatively low network latency and much faster standard DNS lookups. I believe this is having a very adverse affect on browser performance. I strongly prefer the privacy DoH offers and would rather not configure my clients to use standard DNS.

Any recommendations for additional troubleshooting?

jeffl@Dell:~$ bin/trustydns-dig https://dns.nextdns.io google.com mx
;; opcode: QUERY, status: NOERROR, id: 53538
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;google.com. IN MX

;; ANSWER SECTION:
google.com. 300 IN MX 10 smtp.google.com.

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1232

;; Query Time: 423ms/0s
;; Final Server: https://dns.nextdns.io
;; Tries: 1(queries) 1(servers)
;; Payload Size: 80

jeffl@Dell:~$

jeffl@Dell:~dig @45.90.28.175 www.yahoo.com

; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> @45.90.28.175 www.yahoo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48433
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.yahoo.com. IN A

;; ANSWER SECTION:
www.yahoo.com. 35 IN CNAME me-ycpi-cf-www.g06.yahoodns.net.
me-ycpi-cf-www.g06.yahoodns.net. 35 IN A 209.73.179.248
me-ycpi-cf-www.g06.yahoodns.net. 35 IN A 209.73.179.247

;; Query time: 20 msec
;; SERVER: 45.90.28.175#53(45.90.28.175) (UDP)
;; WHEN: Thu Dec 05 10:26:00 EST 2024
;; MSG SIZE rcvd: 119

jeffl@Dell:~$

jeffl@Dell:~$ sh -c 'sh -c "$(curl -s https://nextdns.io/diag)"'

Welcome to NextDNS network diagnostic tool.

This tool will download a small binary to capture latency and routing information
regarding the connectivity of your network with NextDNS. In order to perform a
traceroute, root permission is required. You may therefore be asked to provide
your password for sudo.

The source code of this tool is available at https://github.com/nextdns/diag

Do you want to continue? (press enter to accept)
[sudo] password for jeffl:
Testing IPv6 connectivity
available: false
Fetching https://test.nextdns.io
status: ok
client: 2600:4040:4025:a500:f4be:481f:aff7:cff0
protocol: UDP
dest IP:
server: vultr-atl-1
Fetching PoP name for ultra low latency primary IPv4 (ipv4.dns1.nextdns.io)
hetzner-iad: 8.417ms
Fetching PoP name for ultra low latency secondary IPv4 (ipv4.dns2.nextdns.io)
zepto-iad: 32.955ms
Fetching PoP name for anycast primary IPv4 (45.90.28.0)
vultr-atl: 22.939ms
Fetching PoP name for anycast secondary IPv4 (45.90.30.0)
zepto-iad: 9.386ms
Pinging PoPs
hydron-clt: 9.298ms
hetzner-iad: 9.36ms
anexia-mnz: 9.352ms
anexia-ewr: 9.324ms
zepto-xrs: 19.305ms
zepto-iad: 21.107ms
tier-clt: 22.799ms
vultr-ewr: 21.104ms
teraswitch-pit: 40.022ms
cloudzy-pit: 59.538ms
Traceroute for ultra low latency primary IPv4 (5.161.43.197)
1 192.168.0.1 29ms 15ms 15ms
2 72.86.37.1 6ms 8ms 7ms
3 100.41.24.130 17ms 4ms 14ms
4 * * *
5 * * *
6 62.115.56.201 12ms 11ms 9ms
7 5.161.0.82 9ms 9ms 9ms
8 * * *
9 5.161.8.250 12ms 9ms 9ms
10 5.161.43.197 11ms 12ms 5ms
Traceroute for ultra low latency secondary IPv4 (199.119.65.94)
1 192.168.0.1 1ms 0ms 0ms
2 72.86.37.1 9ms 9ms 7ms
3 100.41.24.132 11ms 10ms 7ms
4 * * *
5 80.239.135.178 9ms 12ms *
6 62.115.10.98 6ms 10ms 21ms
7 45.134.214.101 7ms 8ms 11ms
8 199.119.65.14 7ms 9ms 16ms
9 199.119.65.94 13ms 10ms 9ms
Traceroute for anycast primary IPv4 (45.90.28.0)
1 192.168.0.1 0ms 0ms 0ms
2 72.86.37.1 21ms 14ms 5ms
3 100.41.24.130 11ms 9ms 11ms
4 * * *
5 80.239.135.178 9ms 11ms *
6 62.115.123.124 10ms * 17ms
7 * * *
8 62.115.138.241 20ms 21ms 28ms
9 213.248.96.151 28ms 20ms 25ms
10 * * *
11 * * *
12 * * *
13 45.90.28.0 24ms 17ms 20ms
Traceroute for anycast secondary IPv4 (45.90.30.0)
1 192.168.0.1 2ms 2ms 0ms
2 72.86.37.1 12ms 5ms 10ms
3 100.41.24.130 13ms 7ms 17ms
4 * * *
5 80.239.135.178 * * 10ms
6 62.115.10.98 17ms 10ms 19ms
7 45.134.214.101 9ms 11ms 9ms
8 199.119.65.14 7ms 12ms 7ms
9 45.90.30.0 13ms 6ms 12ms
Do you want to send this report? [Y/n]:

- ChrisC
- 10 mths ago
- Reported - view
What software are you using for DoH? I am using dnscrypt and its very fast, same speed as cloudflare.
- Jeff_Loughridge
  
  10 mths ago
  
  Reported - view
  I have the nextdns client loaded on most end systems. In addition, I have secure DNS configured in Chrome to use NextDNS. My understanding is that either one should be sufficient for the client to use DoH.
- NextDNs
- 10 mths ago
- Reported - view
Looking at the report, your queries seems to be around 8 and 30ms.
- Jeff_Loughridge
  
  10 mths ago
  
  Reported - view
  I recognize that I could analyze NextDNS diag tool's source code on Github; however, short of that or wireshark capture, I am not clear on what tests the diag is executing. The trustydns client I'm using (https://github.com/markdingo/trustydns) is explicitly using DoH. Is there a doubt about its reporting of ~ 500 ms latency? I see much faster DoH resolution when I use trustdns to query public DoH servers. I cannot rule out that I am improperly analyzing what is happening.
- Jeff_Loughridge
  
  10 mths ago
  
  Reported - view
  I wanted to follow up on this. If you doubt the results of the trustydns command line tool which shows 400 to 500 ms, is there an alternate command line tool that you want me to execute to measure DoH resolution time?

Content aside

10 mths agoLast active
5Replies
264Views
3 Following

High DoH resolution latency

5 replies

Content aside

Home

Tags