DNS Resolution Tests
The Domain Name System (DNS) converts a hostname (such as www.example.com) into a computer-friendly IP address (such as 192.168.1.1). Every time a user wants to load a webpage, this translation must occur. The DNS server test measures the time taken to resolve a DNS query against a target DNS server over UDP, DNS-over-HTTPS or DNS-over-TLS (see Lookup Mechanisms for more information).
The test sends a recursive DNS query (with the recursion desired (RD) bit set) to the DNS server specified. The typical deployment configuration for this test involves querying one or more common hostnames, such as google.com and facebook.com, which increases the likelihood of the DNS server having these items in their caches already.
Whilst the test can be forced to target specific DNS servers, the most common deployment model is to let the DNS client use the system default DNS configuration, which in most cases will be a recursive resolver provided by DHCP. Custom-configured DNS servers can lead to issues when they override the ISP-provided defaults, but this is typically only seen on a very small fraction of cases. Moreover, the DNS server that was used for the query is captured in the results, so such cases can be filtered out afterwards if desired.
Lookup Mechanisms
Unlike DNS-over-UDP, DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) require establishing a connection to the DNS server first – a “handshake” – before resolution time is measured.
DoH Method
Our DNS-over-HTTPS testing method has been validated against the public DoH resolvers from Google and Cloudflare. When carrying out a measurement over DoH, the DNS resolution time recorded is taken from the point that the HTTP/2 request is sent to the DoH to the point the reply is received. In other words, the DoH connection is established first, and this portion of the test is recorded separately from the DNS resolution time.
DoT Method
DNS-over-TLS wraps DNS queries and answers via the Transport Layer Security (TLS) protocol. It is also supported by Google and Cloudflare. Similarly to DoH, server connection establishment and lookup time is measured separately.
Resolution Measurement
A timeout of three seconds is applied to the DNS queries. Any tests that do not receive a response within this time or receive a failed response (such as NXDOMAIN or SERVFAIL response codes) will be marked as failed. When no response is received, retransmissions may occur for a configurable number of attempts, defaulting to three attempts. Additionally, if DoH is in use and the agent cannot connect to the DoH resolver for any reason, then the test will also be marked as a failure.
DNS Server Test Metrics
The test can be configured to measure the following metrics:
The hostname to be resolved.
The query type ('A', 'AAAA', 'NS', 'CNAME', 'MX', 'TXT', 'PTR').
[Optional] Query class (typically 'IN').
[Optional] IP transport to use (IPv4, IPv6 or automatic).
[Optional] DNS server to use (can be specified manually, otherwise the DNS server supplied by DHCP will be used).
[Optional] DNS-over-HTTPS endpoint to make the query against.
[Optional] DNS-over-TLS endpoint to make the query against.
[Optional] Timeout in seconds (defaults to 3 seconds).
[Optional] Number of retransmissions when timeouts occur (defaults to 3).
Values Recorded
The DNS server test records the following values:
A success/failure status, and a failure reason if applicable.
The DNS resolution time (if successful). Note that this excludes DoH/DoT set-up time, if the query is made over DoH/DoT.
The resolved record (e.g. an IPv4 address if the query was for an A record).
The DoH server hostname resolution time, TCP connection time, and SSL handshake time.
DNS Server Test Example
When Facebook went down for 6 hours in 2021, it created a ripple effect that caused a surge in hundreds of millions, if not billions, of people trying to reach offline sites, in turn causing a massive spike in DNS queries. The impact of that increased load can be seen clearly in the chart below, where our data shows major sites such as Google, the BBC and YouTube taking much longer to resolve DNS queries than normal.
DNS Server Test Configuration Options
Configure your DNS server test via the following tabs and fields.
Basic Settings
The basic settings tab contains the settings detailed within Configuring Common Test Settings, plus a field to input DNS record type.
Target: Defaults to an empty string field. Enter a valid domain name or IP address (for PTR (pointer) DNS record types only).
DNS Record Type: Defaults to “A (IPv4)”. Choose also from:
AAAA (IPv6)
CNAME (Alias Redirect)
MX (Mail Server)
NS (Authoritative Name Server)
PTR (IP address)
TXT (Text Stores)
SOA (Start of Authority)
Interval: defaults to 8 hours.
Advanced Settings
Network
Timeout: Defaults to 5 s. Choose also from 1-5 s.
IP Version
Defaults to "Prefer IPv6 (auto-detect)”. Choose also “IPv4 only” or “IPv6 only”.
DNS Resolver
Override system default DNS: Manually sets the DNS server queried for the target domain. Otherwise, by default it will run Do53 over UDP with system-wide server address (TCP fallback if the response sets the truncated flag). Defaults to disabled.
If enabled, a dropdown appears where you can select a server address type and enter a server address. The dropdown defaults to “DNS server address”. If you choose this option, you must input a specified Do53 server for name resolution (UDP with TCP fallback). Choose also from:
DNS-over-HTTPS resolver URL: Uses a custom DoH server for name resolution: fully qualified resolver URL must begin with “https://” and end with “/dns-query”.
DNS-over-TLS resolver IP: Uses a custom DoT server for name resolution: input a resolver IP address.
Agent Testing Thresholds
Cross-traffic, downlink/uplink: Defaults to 25,000 bytes per second down/up.
CPU usage: Defaults to 30%. Range is from 1-100%.
Last updated