DNS Resolution Tests

The Domain Name System (DNS) converts a hostname (such as www.example.com) into a computer-friendly IP address (such as 192.168.1.1). Every time a user wants to load a webpage, this translation must occur. The DNS resolution test measures the time taken to resolve a DNS query against a target DNS server over UDP, DNS-over-HTTPS or DNS-over-TLS (see Lookup Mechanisms for more information).

The test sends a recursive DNS query (with the recursion desired (RD) bit set) to the DNS server specified. The typical deployment configuration for this test involves querying one or more common hostnames, such as google.com and facebook.com, which increases the likelihood that the DNS server already has these records in its cache.

Whilst the test can be forced to target specific DNS servers, the most common deployment model is to let the DNS client use the system default DNS configuration, which in most cases will be a recursive resolver provided by DHCP. Custom-configured DNS servers can lead to issues when they override the ISP-provided defaults, but this is typically only seen in a very small fraction of cases. Moreover, the DNS server that was used for the query is captured in the results, so such cases can be filtered out afterwards if desired.

Lookup Mechanisms

Unlike DNS-over-UDP, DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) require establishing a connection to the DNS server first – a “handshake” – before resolution time is measured.

DoH Method

Our DNS-over-HTTPS testing method has been validated against the public DoH resolvers from Google and Cloudflare. When carrying out a measurement over DoH, the DNS resolution time recorded is taken from the point that the HTTP/2 request is sent to the DoH server to the point the reply is received. In other words, the DoH connection is established first, and this portion of the test is recorded separately from the DNS resolution time.

DoT Method

DNS-over-TLS wraps DNS queries and answers in the Transport Layer Security (TLS) protocol. It is also supported by Google and Cloudflare. As with DoH, server connection establishment and lookup time are measured separately.

Resolution Measurement

A timeout of three seconds is applied to the DNS queries. Any tests that do not receive a response within this time or receive a failed response (such as NXDOMAIN or SERVFAIL response codes) will be marked as failed. When no response is received, retransmissions may occur for a configurable number of attempts, defaulting to three attempts. Additionally, if DoH is in use and the agent cannot connect to the DoH resolver for any reason, then the test will also be marked as a failure.
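The UDP case of these rules, as an added Python example (not the test agent's own code): a query with the RD bit set, a three-second timeout, retransmission on silence, and failure on error response codes. The function names are hypothetical, and treating the "number of attempts" as the total number of sends is an assumption.

```python
import os, socket, struct, time

QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
RCODES = {1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(hostname, qtype="A", txid=None):
    """Encode a class-IN DNS query with the recursion desired (RD) bit set."""
    txid = struct.unpack("!H", os.urandom(2))[0] if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD
    labels = hostname.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", QTYPES[qtype], 1)

def classify(reply, txid):
    """Return (ok, reason) for a raw reply, or None if it does not answer txid."""
    if len(reply) < 12:
        return None
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not flags & 0x8000:  # stray datagram, or QR bit not set
        return None
    rcode = flags & 0x000F
    if rcode:  # NXDOMAIN, SERVFAIL etc. count as a failed test
        return False, RCODES.get(rcode, f"RCODE{rcode}")
    return True, None

def measure(server, hostname, qtype="A", timeout=3.0, attempts=3, port=53):
    """Time one UDP lookup; retransmit on timeout, fail on error response codes."""
    txid, query = build_query(hostname, qtype)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        for attempt in range(1, attempts + 1):
            start = time.monotonic()  # resolution time covers this attempt only
            sock.sendto(query, (server, port))
            while (left := timeout - (time.monotonic() - start)) > 0:
                sock.settimeout(left)
                try:
                    verdict = classify(sock.recvfrom(4096)[0], txid)
                except socket.timeout:
                    break  # no reply within the timeout: retransmit
                if verdict is not None:
                    ok, reason = verdict
                    ms = (time.monotonic() - start) * 1000 if ok else None
                    return {"ok": ok, "reason": reason, "time_ms": ms, "attempts": attempt}
    return {"ok": False, "reason": "timeout", "time_ms": None, "attempts": attempts}
```

Datagrams whose transaction ID does not match the query are ignored rather than counted as the answer, so a stray or forged packet cannot end the measurement early.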

DNS Test Metrics

The test can be configured with the following parameters:

  • The hostname to be resolved.

  • The query type ('A', 'AAAA', 'NS', 'CNAME', 'MX', 'TXT', 'PTR').

  • [Optional] Query class (typically 'IN').

  • [Optional] IP transport to use (IPv4, IPv6 or automatic).

  • [Optional] DNS server to use (can be specified manually, otherwise the DNS server supplied by DHCP will be used).

  • [Optional] DNS-over-HTTPS endpoint to make the query against.

  • [Optional] DNS-over-TLS endpoint to make the query against.

  • [Optional] Timeout in seconds (defaults to 3 seconds).

  • [Optional] Number of retransmissions when timeouts occur (defaults to 3).

Values Recorded

The DNS resolution test records the following values:

  • A success/failure status, and a failure reason if applicable.

  • The DNS resolution time (if successful). Note that this excludes DoH/DoT set-up time, if the query is made over DoH/DoT.

  • The resolved record (e.g. an IPv4 address if the query was for an A record).

  • The DoH server hostname resolution time, TCP connection time, and SSL handshake time.

DNS Test Example

When Facebook went down for 6 hours in 2021, it created a ripple effect: hundreds of millions, if not billions, of people tried to reach offline sites, in turn causing a massive spike in DNS queries. The impact of that increased load can be seen clearly in the chart below, where our data shows major sites such as Google, the BBC and YouTube taking much longer to resolve DNS queries than normal.
