My understanding is that DNS queries via UDP (the default) should be faster, but I am seeing the opposite on two Macs I own, and 3 other people I have asked who are also on Mac see exactly the same thing. It's weird, but queries over UDP are 3-5 times slower than queries over TCP. I cannot reproduce this on my Linux servers, for example.

On my Macs I switched to DNS over TLS, which is much faster than the default UDP querying for me, but I am still curious.

Can readers with Macs try as well? To test, I run the command `dig @1.1.1.1 somedomain.com` to test with UDP (with Cloudflare's public DNS in this case, and any domain you want), and the same command but with the additional argument `+tcp` to query over TCP. Try each command a few times. Which one is faster for you? UDP or TCP?

Trying to understand if it's a Mac issue. Thanks in advance!
I would rule out UDP vs TCP before testing DNS, as they may have a bug in the network stack from a recent kernel update, and that should be ruled out first.

[Edit 3] I am seeing the same thing to 1.1.1.1. But I can also reproduce this to a few other places on the internet... Yet I do not see this to a handful of UDP listeners I have throughout the US. It seems to be route specific but not CF specific. Perhaps someone here has a ThousandEyes account and happens to have TCP and UDP probes around the world? The "nc" tests should be performed against all the open resolvers and many authoritative servers around the world to compare results.

Simple tests can be done with "nc" to take dig out of the picture. netcat should be available in MacPorts and Homebrew. If not, nmap also has a version of netcat. I suggest taking dig out of the picture as it overrides the OS TCP and socket default options.

<pre><code>time nc -vnz -w1 1.1.1.1 53
time nc -vnzu -w1 1.1.1.1 53
</code></pre>
The same tests could also be done against any daemons listening for UDP on something other than port 53 to rule out the Mac <i>or other devices on your network</i> intercepting port 53 and trying to do something intelligent with it.
Querying 1.1.1.1: TCP is 183 msec, UDP is 323 msec.

Querying my local DNS, a pi-hole instance running in Docker on a Synology DSM: TCP is 3 msec, UDP is 0 msec (per the dig output).

So my initial take is that DNS over UDP is faster on the local network and thus you need to start digging into why Cloudflare is behaving as it is, or maybe there's something with all the hops between you and there. Some transparent DNS proxy or something?
Can confirm. My guess would be that UDP is slower because it is not encrypted and at some point providers started to inject answers for various purposes. That is why we now have these services that provide "secure" DNS, but what they are really doing is fingerprinting and collecting data.
Does dig take into account the time it takes to establish a TCP connection? If it counts only the time it takes to send and receive a response (after the connection has been established), there should be no statistically significant difference in the result.
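An added example, written for this page and not posted by anyone in the thread: it repeats the UDP-versus-TCP comparison from the question without dig, sending a raw DNS A query over each transport and timing the TCP three-way handshake separately from the query exchange, so the connect cost the comment above asks about can be read on its own. Resolver and name are assumed to come from the command line (the script name `dnstime.py` is hypothetical); with no arguments it queries a constructed loopback stub resolver that answers every query with 192.0.2.1, so the script runs offline.

```python
# Added example (not from the thread): time a DNS A query over UDP and over TCP,
# reporting the TCP connect (handshake) separately from the query round trip.
import random, socket, statistics, struct, sys, threading, time

def build_query(name, qid=None, qtype=1):
    """Minimal DNS query: 12-byte header with RD set, one QNAME, QTYPE, QCLASS IN."""
    if qid is None:
        qid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Header fields a client should check: id, counts and RCODE."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qdcount": qd, "ancount": an, "rcode": flags & 0xF}

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf

def query_udp(server, port, name, timeout=2.0):
    """One UDP query; returns (round_trip_ms, raw_response)."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t0 = time.perf_counter()
        s.sendto(q, (server, port))
        data, _ = s.recvfrom(4096)
        rtt = (time.perf_counter() - t0) * 1000
    if parse_header(data)["id"] != parse_header(q)["id"]:
        raise ValueError("response id does not match query id")
    return rtt, data

def query_tcp(server, port, name, timeout=2.0):
    """One TCP query; returns (connect_ms, query_ms, raw_response).
    Over TCP each DNS message is prefixed with a 2-byte length (RFC 1035 4.2.2)."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        t0 = time.perf_counter()
        s.connect((server, port))        # three-way handshake happens here
        t1 = time.perf_counter()
        s.sendall(struct.pack("!H", len(q)) + q)
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        data = recv_exact(s, length)
        t2 = time.perf_counter()
    if parse_header(data)["id"] != parse_header(q)["id"]:
        raise ValueError("response id does not match query id")
    return (t1 - t0) * 1000, (t2 - t1) * 1000, data

def compare(server, udp_port, tcp_port, name, runs=5):
    """Medians over several runs so one slow packet does not dominate."""
    udp = [query_udp(server, udp_port, name)[0] for _ in range(runs)]
    tcp = [query_tcp(server, tcp_port, name)[:2] for _ in range(runs)]
    return {"udp_ms": statistics.median(udp),
            "tcp_connect_ms": statistics.median([c for c, _ in tcp]),
            "tcp_query_ms": statistics.median([q for _, q in tcp])}

def make_stub_response(query):
    """Constructed answer: echo the question and answer A 192.0.2.1 (TEST-NET-1)."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA, RCODE 0
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + answer

def start_stub_resolver(host="127.0.0.1"):
    """Loopback stub resolver (constructed for offline runs); returns (udp_port, tcp_port)."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind((host, 0))
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind((host, 0))
    tcp.listen(5)

    def serve_udp():
        while True:
            data, addr = udp.recvfrom(4096)
            udp.sendto(make_stub_response(data), addr)

    def serve_tcp():
        while True:
            conn, _ = tcp.accept()
            with conn:
                (length,) = struct.unpack("!H", recv_exact(conn, 2))
                reply = make_stub_response(recv_exact(conn, length))
                conn.sendall(struct.pack("!H", len(reply)) + reply)

    threading.Thread(target=serve_udp, daemon=True).start()
    threading.Thread(target=serve_tcp, daemon=True).start()
    return udp.getsockname()[1], tcp.getsockname()[1]

if __name__ == "__main__":
    # No arguments: loopback stub.  "python dnstime.py 1.1.1.1 example.com": real resolver, port 53.
    if len(sys.argv) == 3:
        server, name, ports = sys.argv[1], sys.argv[2], (53, 53)
    else:
        server, name, ports = "127.0.0.1", "example.com", start_stub_resolver()
    print(compare(server, *ports, name))
```

Comparing `udp_ms` against `tcp_query_ms` isolates the transport from the handshake; if UDP still loses on that comparison against a remote resolver, the path is treating the two transports differently, which is the kind of result the nc tests in this thread are meant to separate from any dig behaviour. The query-id check is there because a client that accepts a response with a different id would be silently accepting something that was not an answer to what it asked.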
On Windows, DNS/UDP/WiFi to 8.8.8.8 with query=www.google.com is 3-4ms.

TCP is around ~10ms including overhead, 3ms excluding.

TLS is ~100ms including overhead, 5ms excluding.

1.1.1.1:

UDP - 5ms
TCP - 15ms / 10ms
TLS - 70ms / 4ms

Use a sniffer (e.g. Wireshark) to get a better idea for timing; I wouldn't count on dig for that.