Data Centre


No D'oh! DNS-over-HTTPS passes Mozilla performance test

Privacy-protecting domain name system standard closer

By Richard Chirgwin


As the DNS-over-HTTPS (DoH) secured domain querying draft creeps towards standardisation, Mozilla has run a test to see if applying encryption brings too heavy a performance penalty.

One somewhat-surprising outcome: for some queries, performance improved using DoH.

As Mozilla discusses here, run-of-the-mill DNS requests over DoH take a small performance hit.

However, the test team believes a six millisecond slowdown is acceptable, given that users get better security and privacy out of DoH.

The experiment found that from the billion DNS requests it gathered, “the slowest DNS transactions performed much better with the new DoH based system than the traditional one – sometimes hundreds of milliseconds better.”

“First, is the consistency of the service operation – when dealing with thousands of different operating system defined resolvers there are surely some that are overloaded, unmaintained, or forwarded to strange locations," he said. "Second, HTTP’s use of modern loss recovery and congestion control allow it to better operate on very busy or low-quality networks.”

The post said Mozilla will continue its DoH experimentation in advance of a full-scale deployment, which will in part depend on the progress of the standard.

That's drawing closer, with the IETF putting the DoH draft into the RFC editing queue earlier this month (gaining “request for comment” status formalises a document becoming an Internet standard).

In parallel with the progress of the standard, a growing number of organisations are hosting endpoints to handle DoH queries.

Another Mozilla developer, Daniel Stenberg, posted a list of DoH endpoints here. There are now three “big names” in the list, with PowerDNS launching its server last week. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Net's druids thrash out specs for an independent IETF

This matters because right now there's no formal structure, which makes things tenuous

This Free software ain't free to make, pal, it's expensive: Mozilla to bankroll Firefox with paid-for premium extras

Browser will remain gratis, optional $$-per-month services to be offered later this year

Mozilla returns crypto-signed website packaging spec to sender – yes, it's Google

Ad giant's site slurping tech complicates web security model, could give more power to search engines and social networks, Firefox maker warns

Mozilla security policy cracks down on creepy web trackers, holds supercookies over fire

Firefox maker sets out dodgy practices the browser will block

From Firefox to fired cocks: Look who's out to save you being shafted by insecure Internet of Dingalings – it's Mozilla!

Secret-keeping screw-ups bedevil amorous appliances

IETF mulls adding geoblock info to 'Bradbury's code'

Proposal to extend Error 451

Mozilla tries to do Java as it should have been – with a WASI spec for all devices, computers, operating systems

One binary to rule them all

Mozilla wants to seduce BOFHs with button-down Firefox

Control. Control. Control

Idea to encrypt stuff on the web at rest hits the IETF's Standard Track

Mozilla engineer spots a gap in online security, reaches for the patch kit

Updating Things: IETF bods suggest standard

Proposal offers proper authentication, verification and over-the-air delivery