Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Hostname resolution timing in DNS over HTTPS

From: Kostas Antoniou via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 4 Dec 2019 19:08:49 +0000

Hello all,

I have been working around curl and its dns over https and I was wondering how one could measure the time that the DNS/DoH server takes to resolve the hostname?

I have tested two approaches. (Windows 10, cURL 7.66 with OpenSSL/1.1.1d. nghttp2/1.39.2)

  1. curl --trace .\DOH_trace.txt --trace-time -w "\ntime_namelookup=%{time_namelookup}\n" --doh-url https://mydohserver/dns-query example.com<https://mydohserver/dns-query%20example.com>

According to the curl manpages, time_namelookup will provide the time from the start until the name is resolved. This is pretty clear when we use it for DNS over port 53 queries, however it is unclear if it applies to the DOH hostname (https://mydohserver /dns-query<https://mydohserver%20/dns-query> ) of the name to be resolved (example.com). Furthermore, the timestamped traces show two DoH connections.

  1. curl --trace .\alternatemethod.txt --trace-time -w "\ntime_namelookup=%{time_namelookup}\n" --output .\output.txt --get --data "dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB" --tls-max 1.3 --header "HOST: mydohserver/dns-query" --header "Content-Type:application/dns-message" https://mydohserver/dns-query

In this case the value of time_namelookup will indicate the time until https://mydohserver/dns-query was resolved(?). The trace timestamps cover the time from the trial to connect to mydohserver until after the response 200 from the DoH server that the file has been received and resolved( Most likely resolved because in the trace file at the end www.example.com<http://www.example.com> appears, which is the hostname that was in the dns query).

Adding the values of time_namelookup and the last timestamp yields a value smaller than the name resolution of the 1st method (Comparisons done by running each command with a difference of 3 minutes from the other).

Furthermore, both methods take into account the time that will be needed for the connection setup and SSL handshakes, thus leading to times of hundreds of milliseconds (depending on the DoH host).

Any suggestions about how to collect the time from the moment the request leaves the client and until only the resolved hostname information come back?

Thank you very much and apologies for the long email,

Kostas Antoniou

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-12-04