Comparing the Effects of DNS, DoT, and DoH on Web Performance
Nearly every service on the Internet relies on the Domain Name System (DNS), which translates a human-readable name to an IP address before two endpoints can communicate. Today, DNS traffic is unencrypted, leaving users vulnerable to eavesdropping and tampering. Past work has demonstrated that DNS q...
Published in: | arXiv.org 2020-02 |
---|---|
Main authors: | Austin Hounsel ; Borgolte, Kevin ; Schmitt, Paul ; Holland, Jordan ; Feamster, Nick |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | arXiv.org |
container_volume | |
creator | Austin Hounsel ; Borgolte, Kevin ; Schmitt, Paul ; Holland, Jordan ; Feamster, Nick |
description | Nearly every service on the Internet relies on the Domain Name System (DNS), which translates a human-readable name to an IP address before two endpoints can communicate. Today, DNS traffic is unencrypted, leaving users vulnerable to eavesdropping and tampering. Past work has demonstrated that DNS queries can reveal a user's browsing history and even what smart devices they are using at home. In response to these privacy concerns, two new protocols have been proposed: DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT). Instead of sending DNS queries and responses in the clear, DoH and DoT establish encrypted connections between users and resolvers. By doing so, these protocols provide privacy and security guarantees that traditional DNS (Do53) lacks. In this paper, we measure the effect of Do53, DoT, and DoH on query response times and page load times from five global vantage points. We find that although DoH and DoT response times are generally higher than Do53, both protocols can perform better than Do53 in terms of page load times. However, as throughput decreases and substantial packet loss and latency are introduced, web pages load fastest with Do53. Additionally, web pages successfully load more often with Do53 and DoT than DoH. Based on these results, we provide several recommendations to improve DNS performance, such as opportunistic partial responses and wire format caching. |
doi_str_mv | 10.48550/arxiv.1907.08089 |
format | Article |
fulltext | fulltext |
identifier | EISSN: 2331-8422 |
ispartof | arXiv.org, 2020-02 |
issn | 2331-8422 |
language | eng |
recordid | cdi_arxiv_primary_1907_08089 |
source | arXiv.org; Free E- Journals |
subjects | Browsing ; Caching ; Computer Science - Cryptography and Security ; Computer Science - Networking and Internet Architecture ; Cost benefit analysis ; Domain names ; Eavesdropping ; IP (Internet Protocol) ; Load ; Protocol (computers) ; Queries ; Resolvers ; Smart buildings ; TCP-IP |
title | Comparing the Effects of DNS, DoT, and DoH on Web Performance |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-02T00%3A42%3A58IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Comparing%20the%20Effects%20of%20DNS,%20DoT,%20and%20DoH%20on%20Web%20Performance&rft.jtitle=arXiv.org&rft.au=Austin%20Hounsel&rft.date=2020-02-23&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.1907.08089&rft_dat=%3Cproquest_arxiv%3E2260224896%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2260224896&rft_id=info:pmid/&rfr_iscdi=true |