By: Alan Jones
The way search engines find websites is through DNS – the Domain Naming System. It’s basically the ‘phone book’ of the Internet, translating domain names to IP addresses. DNS has been in use since the beginning of the Internet, but there’s something new on the horizon. The DNS-over-HTTPS (DoH) protocol was created to provide a more secure alternative to conventional DNS, and in October 2018, the IETF formally adopted the new protocol. Several web browsers are currently offering DoH as an option today, and the list is expected to grow, due to its additional layer of security protecting users’ private information. However, detractors of DoH highlight several potential issues with mainstream DoH deployments, one of which focuses on performance. This issue applies to wireless and wireline-connected users alike.
DoH Performance Concerns
In recent tests conducted by NetForecast, we compared DoH resolution times to those from DNS. Our key finding showed lookup times dramatically increased with DoH. Over the course of a week, more than 175,000 measurements were taken from three test servers located across different regions of the U.S., (see figure 1 below).
NetForecast tested the round-trip times for accessing and navigating each of the following websites: NetForecast, Google, YouTube, Facebook, Wikipedia, Reddit, Amazon, Yahoo, and Instagram.
Our preliminary research findings showed:
- Lookup times dramatically increase with DoH: The initial test results show that DoH lookup times are longer than DNS lookup times. On average, a DoH lookup time was 92.2ms, adding approximately 77ms when compared to the average DNS lookup time of 15.1ms.
- Lookup times increase on applications that require multiple lookups: Longer lookup times will have the most notable adverse effect on users of applications that require many lookups, such as social media, news feeds, and e-commerce sites.
- User location and content destination impact DoH performance: The tests found DoH performance varies, based on the region in which the user is located, as well as the location of the destination content server.
- DoH and DNS lookup times vary over time: While both DoH and DNS lookup times vary over time, the variations with DoH were less pronounced. Because both lookup times change over time, ISPs should continuously monitor their performance to manage the user experience.
How DoH Will Impact User Quality-of-Experience
While deploying DoH may create challenges, such as DoH servers becoming a single point of failure, loss of protection from malicious URLs, and reduced performance based on increased DNS overhead, user experience may become the primary issue Internet Service Providers (ISPs) will need to address. When we consider roughly 74% of Facebook users access the platform daily, and 51% visit multiple times per day – the degradation of the user experience will increasingly frustrate customers. Also, as end-to-end network latency increases, the effect of DoH-over-DNS will be amplified.
As DoH increases in popularity, potentially becoming the preferred protocol, now is the time for website owners and network service providers to measure user quality – beginning before and continuing after deploying DoH. This monitoring will enable service providers to establish an initial baseline with DNS, and then monitor and manage DoH performance continuously, to better gauge its impact.
It’s important to note that resolution time variations can create significant QoE problems for users that are impossible to detect or analyze using speed tests alone. For this reason, network measurements utilizing an extensive network of probes to measure latency and DNS lookup times are required to identify issues affecting customer QoE in real-time.
As new technologies and architectures are deployed, ISPs need ways to ensure service experience quality and detect when problems arise. When providing Internet service in the ‘black box’ environment of DoH, this becomes especially important. To read NetForecast’s full report, which includes our methodology and detailed results, download here.