No D'oh! DNS-over-HTTPS passes Mozilla performance test

Privacy-protecting domain name system standard closer

By Richard Chirgwin

As the DNS-over-HTTPS (DoH) secured domain querying draft creeps towards standardisation, Mozilla has run a test to see if applying encryption brings too heavy a performance penalty.

One somewhat-surprising outcome: for some queries, performance improved using DoH.

As Mozilla discusses here, run-of-the-mill DNS requests over DoH take a small performance hit.

However, the test team believes a six millisecond slowdown is acceptable, given that users get better security and privacy out of DoH.

The experiment found that from the billion DNS requests it gathered, “the slowest DNS transactions performed much better with the new DoH based system than the traditional one – sometimes hundreds of milliseconds better.”

“First, is the consistency of the service operation – when dealing with thousands of different operating system defined resolvers there are surely some that are overloaded, unmaintained, or forwarded to strange locations,” he said. “Second, HTTP’s use of modern loss recovery and congestion control allow it to better operate on very busy or low-quality networks.”

The post said Mozilla will continue its DoH experimentation in advance of a full-scale deployment, which will in part depend on the progress of the standard.

That's drawing closer, with the IETF putting the DoH draft into the RFC editing queue earlier this month (gaining “request for comment” status formalises a document becoming an Internet standard).

In parallel with the progress of the standard, a growing number of organisations are hosting endpoints to handle DoH queries.

Another Mozilla developer, Daniel Stenberg, posted a list of DoH endpoints here. There are now three “big names” in the list, with PowerDNS launching its server last week. ®
