Analyzing the costs (and benefits) of DNS, DoT, and DoH for the modern web

We measure the effect of DoH and DoT on name resolution performance and content delivery. We find that although DoH and DoT response times can be higher than for conventional DNS (Do53), DoT performs better than DoH and Do53 in terms of page load times. However, when network conditions degrade, webpages load quickest with Do53, up to one second faster than with DoH. Furthermore, in a substantial number of cases, a webpage may not load at all with DoH, while it loads successfully with DoT and Do53. Our in-depth analysis reveals various opportunities to readily improve DNS performance, for example through opportunistic partial responses and wire format caching.
