Effects of secured DNS transport on resolver performance

Authors: Etienne Le Louet, Antoine Blin, Julien Sopena, Kamel Haddadou, Ahmed Amaou
Status: Final
Date of publication: 7 March 2024
Published in: ITU Journal on Future and Evolving Technologies, Volume 5 (2024), Issue 1, Pages 47-61
Article DOI :
Designed 40 years ago, DNS is still a core component of the Internet: billions of DNS queries are processed each day to resolve domain names to IP addresses. Originally designed for performance and scalability, its transport protocol is unencrypted, leading to security flaws. Recently, secure protocols have emerged, but the question of their scalability and sustainability remains open. In this paper, we study the cost of switching from the legacy DNS transport to the newer ones, by first characterising the shape of the traffic between clients and secured public resolvers. Then we replicate said traffic, to measure the added cost of each protocol. We found that, while connections usually stayed open, many closures and openings were made in some cases. Comparing these profiles over different DNS transports, we observe that switching from the legacy protocol to a more secure one can lead to an important performance penalty.

Keywords: DNS, DOH, DOT, HTTP/2, resolver, TLS
Rights: © International Telecommunication Union, available under the CC BY-NC-ND 3.0 IGO license.