curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Hostname resolution timing in DNS over HTTPS

From: Kostas Antoniou via curl-users <>
Date: Wed, 4 Dec 2019 19:08:49 +0000

Hello all,

I have been working around curl and its dns over https and I was wondering how one could measure the time that the DNS/DoH server takes to resolve the hostname?

I have tested two approaches. (Windows 10, cURL 7.66 with OpenSSL/1.1.1d. nghttp2/1.39.2)

  1. curl --trace .\DOH_trace.txt --trace-time -w "\ntime_namelookup=%{time_namelookup}\n" --doh-url https://mydohserver/dns-query<https://mydohserver/>

According to the curl manpages, time_namelookup will provide the time from the start until the name is resolved. This is pretty clear when we use it for DNS over port 53 queries, however it is unclear if it applies to the DOH hostname (https://mydohserver /dns-query<https://mydohserver%20/dns-query> ) of the name to be resolved ( Furthermore, the timestamped traces show two DoH connections.

  1. curl --trace .\alternatemethod.txt --trace-time -w "\ntime_namelookup=%{time_namelookup}\n" --output .\output.txt --get --data "dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB" --tls-max 1.3 --header "HOST: mydohserver/dns-query" --header "Content-Type:application/dns-message" https://mydohserver/dns-query

In this case the value of time_namelookup will indicate the time until https://mydohserver/dns-query was resolved(?). The trace timestamps cover the time from the trial to connect to mydohserver until after the response 200 from the DoH server that the file has been received and resolved( Most likely resolved because in the trace file at the end<> appears, which is the hostname that was in the dns query).

Adding the values of time_namelookup and the last timestamp yields a value smaller than the name resolution of the 1st method (Comparisons done by running each command with a difference of 3 minutes from the other).

Furthermore, both methods take into account the time that will be needed for the connection setup and SSL handshakes, thus leading to times of hundreds of milliseconds (depending on the DoH host).

Any suggestions about how to collect the time from the moment the request leaves the client and until only the resolved hostname information come back?

Thank you very much and apologies for the long email,

Kostas Antoniou

Received on 2019-12-04