What If there was a way to make DNS queries faster?


PeterUK (Member), Oct 30, 2024
Instead of the OS using one DNS IP to look up DNS why not have a way for one query to try many DNS servers at the same time?

Should you set your system DNS to 127.0.0.1, then the DNS Benchmark service, as a cost option, fires the query to 1.1.1.1, 8.8.8.8 and 9.9.9.9 at the same time, and the fastest reply back is allowed.
 
Q: Google, How does DNS lookup work through Windows with multiple DNS Nameserver resolvers?

A: Windows handles multiple DNS servers by querying them in a specific order, usually sequentially for the first server on the preferred adapter, then moving to others if timeouts occur, with some modern settings like Smart Multi Host Name Resolution querying in parallel for speed; the client uses the first server that responds (either with an answer or a negative response) and caches the result, then returns it to the application, relying on the DNS protocol's recursive process for the actual name resolution. [1, 2, 3, 4]

Step-by-Step DNS Lookup in Windows

  1. Application Initiates Request: A program (like a browser) asks the operating system to resolve a domain name (e.g., ).
  2. Windows DNS Client Service: The OS's DNS Client service takes over, checking its local cache first. If not found, it begins querying configured DNS servers.
  3. Querying Multiple Servers:
    • Default/Sequential: It sends the query to the first DNS server on the primary adapter, waiting about 1 second. If no response, it tries the next server on that adapter, then servers on other adapters, increasing timeout intervals.
    • Smart Multi Host Name Resolution (Parallel): If enabled, it queries all configured servers (across adapters) simultaneously and uses the first one to respond, speeding things up.
  4. Server-Side Resolution (Recursion): The queried DNS server (your ISP's or a public one like Google's) acts as a resolver.
    • It checks its own cache.
    • If needed, it recursively queries root servers, TLD servers (like .com), and finally the authoritative server for to find the IP address.
  5. Response & Caching: The authoritative server replies to your resolver with the IP address. Your resolver then caches this answer and sends it back to the Windows client.
  6. Final Delivery: Windows caches the IP and gives it to the application, which then connects to the website. [1, 2, 3, 4, 5, 6, 7, 8]
Key Factors
  • Adapter Priority: DNS servers on your primary network adapter are generally preferred.
  • Timeouts: Windows uses timeouts (e.g., 1s, 2s, 4s) to determine when to move to the next server in the list if a response isn't received.
  • First Response Wins: For positive (IP found) or negative (domain not found) responses, Windows usually accepts the first reply and stops further queries for that name. [2, 3, 4]
[1] https://learn.microsoft.com/en-us/windows-server/networking/dns/queries-lookups
[2]
[3] https://serverfault.com/questions/1...ver-if-one-authoritative-name-server-does-not
[4] https://serverfault.com/questions/1...ient-resolver-switch-back-to-the-first-server
[5] https://www.lenovo.com/us/en/glossary/dns-resolver/
[6] https://www.digicert.com/faq/dns/how-does-dns-lookup-work
[7] https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-dns-concepts
[8] https://stackoverflow.com/questions/48134705/the-process-of-dns-lookup
 
OK, I'll give an example of what I mean.

Let's say you look up grc.com:

by 1.1.1.1 is 12ms
by 8.8.8.8 is 15ms
by 9.9.9.9 is 17ms

So looking at that, you want to use 1.1.1.1, but then the next time you look up grc.com:

by 1.1.1.1 is 20ms
by 8.8.8.8 is 16ms
by 9.9.9.9 is 18ms

So now 8.8.8.8 is better to use.

But here is the idea: you use 127.0.0.1, and the DNS Benchmark service, as a cost option for Pro, fires the lookup to the three DNS servers, then you wait for the fastest reply, saving you ms, because from one DNS server to another the reply could take shorter or longer each time.

You could even make it a security idea, such that you look up grc.com and check that all the replies back match before passing it to the app, so that if DNS cache poisoning has happened you can be notified.
 
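The two resolution strategies discussed above (the sequential, escalating-timeout order the quoted answer attributes to Windows, and the "fire at all three, first reply wins" race proposed in the post) can be compared side by side. The following is an added example, not code from the original post, from GRC, or from any product mentioned here. It simulates resolvers with asyncio instead of sending real DNS packets: the latency table is the post's own grc.com numbers, the returned address is a constructed documentation-range value, and a server listed in `dead` never answers, which stands in for an unreachable resolver.

```python
import asyncio

# Constructed latency table in milliseconds, copied from the post's first
# grc.com measurements. Illustrative numbers only, not real measurements.
LATENCY_MS = {"1.1.1.1": 12, "8.8.8.8": 15, "9.9.9.9": 17}
SERVERS = ["1.1.1.1", "8.8.8.8", "9.9.9.9"]


async def query_one(server, name, latency_ms, dead):
    """Simulated query to one resolver: waits its latency and returns a
    constructed A record. A server in `dead` never answers, which is how an
    unreachable resolver is modelled here (no real network I/O takes place)."""
    if server in dead:
        await asyncio.Event().wait()  # blocks until the caller cancels it
    await asyncio.sleep(latency_ms[server] / 1000)
    return {"server": server, "name": name, "rdata": "203.0.113.10"}  # constructed TEST-NET-3 address


async def resolve_sequential(name, servers, latency_ms, dead=frozenset(),
                             timeouts=(1.0, 2.0, 4.0)):
    """One server at a time with an escalating per-server timeout (the 1s/2s/4s
    figures quoted in the thread). A timeout falls through to the next server."""
    for server, timeout in zip(servers, timeouts):
        try:
            return await asyncio.wait_for(query_one(server, name, latency_ms, dead), timeout)
        except asyncio.TimeoutError:
            continue  # move on to the next configured server
    raise LookupError(f"no resolver answered for {name}")


async def resolve_race(name, servers, latency_ms, dead=frozenset(), timeout=4.0):
    """Query every server at once, keep the first completed answer and cancel
    the rest. The cost raised later in the thread is visible here: the losing
    queries were still sent upstream, so N-1 of every N lookups are wasted."""
    tasks = [asyncio.create_task(query_one(s, name, latency_ms, dead)) for s in servers]
    try:
        done, _ = await asyncio.wait(tasks, timeout=timeout,
                                     return_when=asyncio.FIRST_COMPLETED)
        if not done:
            raise LookupError(f"no resolver answered for {name}")
        return done.pop().result()
    finally:
        for t in tasks:
            t.cancel()  # no-op for the winner, stops the stragglers


async def timed(coro):
    """Run a resolution and report elapsed loop-clock milliseconds."""
    loop = asyncio.get_running_loop()
    start = loop.time()
    result = await coro
    return result, round((loop.time() - start) * 1000)


def compare(name="grc.com", dead=frozenset()):
    """Resolve `name` both ways; returns {"sequential": (answer, ms), "race": (answer, ms)}."""
    async def run():
        seq = await timed(resolve_sequential(name, SERVERS, LATENCY_MS, dead))
        race = await timed(resolve_race(name, SERVERS, LATENCY_MS, dead))
        return {"sequential": seq, "race": race}
    return asyncio.run(run())


if __name__ == "__main__":
    print("all resolvers up:", compare())
    print("1.1.1.1 dead:    ", compare(dead={"1.1.1.1"}))
```

With every resolver answering, both strategies return 1.1.1.1 in about the same time; the difference appears when the first server is dead, where the sequential path burns its whole first timeout before trying 8.8.8.8 while the race returns 8.8.8.8 in roughly 15 ms. That is the stall the thread is complaining about, and it is also why a race costs upstream resolvers two discarded queries for every answer used.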
A big reason is that it's bad internet etiquette. DNS servers require hefty amounts of internet bandwidth, RAM, and processing power. In your scheme you're basically wasting the DNS services of two out of three DNS requests you make. Given that DNS service is basically free (though we indirectly pay for it), it's just a bad idea.
 
There is a way to make DNS queries "faster." Simply run a caching-only server on your network. Use it as your DNS. If you run Linux or one of the BSDs run nscd. This will significantly reduce DNS network traffic. I've used caching-only named before. At $JOB we use nscd to reduce DNS traffic on the network. It can make a noticeable difference for some apps.
 
Well, I tried; there was a program called DNS fast cache, but sadly it does not work on Win 11.

I already run bind, but I was looking to solve another problem with DNS on Windows when one DNS server fails.
 
So I did some looking over on softpedia.com for a solution and found two programs. One was DnsSpeeder, which worked great but oddly has no web site, yet it downloaded, so that was the first one I tried. Then I found a more up-to-date program, Acrylic DNS Proxy, and did not know what to make of it at first; then I realised it was less UI and more text editing, and it works well and does what I need.

Should anyone else be interested:
https://www.softpedia.com/dyn-searc...icense=1&p_lastupdate=0&search_term=dns+proxy
 
I don't understand why you need any app to cache DNS when it is built into Windows. In a command window enter:
ipconfig /displaydns
 
Windows does not handle failed DNS that well. For example, I have a NIC set up for the internet in a given way that its DNS is set to 127.0.0.1, which for some time no app runs on; then I have another NIC to go to my bind, and also a router that handles DNS but doesn't allow it until failover happens. In short, Windows sometimes stalls when doing a lookup, which causes a delay.

Now no delay with Acrylic DNS Proxy.

Problem solved!
 
And none of what you mention even begins to consider that Windows can be configured to operate in an IPv6-first mode, but I digress before I've even begun.

You can run something like Unbound locally on your machine, but ultimately you have choices to make: how long do you cache positive responses for DNS lookups, and how long do you cache negative responses? Do you defer to the domain owner's TTL (Time To Live) or do you override it and put in your own? Whatever answers you choose, if you should pick to run Unbound on your LAN you should point it upstream to the fastest DNS service that suits your requirements.

Personally I value reliable DNS with my own choice of ad filtering applied that, if overzealous, I can loosen the reins on if it blocks too much. A second or so longer waiting for an initial DNS resolution to work is way more valuable to me in removing the ads than sub-millisecond responses might be.

Your mileage might vary, but I run OPNsense in a VM running on a Windows 11 machine I only have around because I occasionally need Windows for something. I could just as easily be running it on an old spare laptop though, and set it up to then forget about it. Whilst I'm only using it for a quick and handy way of configuring Unbound (which forwards internally to DNSCrypt Proxy to do the ultimate DNS lookup completely anonymously), it's more than fast enough to stream Netflix / Prime Video etc. over (and YouTube), all ad-free. I'll take that any day over ads that became so intrusive they were just unbearably banal.

On a side note I'm not sure why Steve mentioned DNSCrypt as being no longer supported, it's alive and well and working very well on my LAN here. I'm assuming he means by Windows, MacOS and Linux, all of which have clients available such as DNSCrypt-Proxy and many others. https://dnscrypt.info/implementations Heck, even Quad9 supports it https://quad9.net/service/service-addresses-and-features/#dnscrypt
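The caching choices raised in the post above (positive versus negative cache lifetime, and whether to honour the domain owner's TTL or clamp it) can be written down as a small policy object and a cache that applies it. This is an added example, not code from the post, from Unbound, or from any other resolver named in the thread; the policy field names and defaults are constructed for illustration and are not Unbound's option names, and the clock is injectable so expiry can be exercised without waiting.

```python
from dataclasses import dataclass
import time


@dataclass
class CachePolicy:
    """Knobs the post asks about. Constructed names and defaults for this
    example only; they are not any real resolver's configuration options."""
    honor_ttl: bool = True   # defer to the owner's TTL ...
    min_ttl: int = 0         # ... but never cache a positive answer for less than this
    max_ttl: int = 86400     # ... nor for longer than this
    neg_ttl: int = 60        # how long to remember "no such name"


@dataclass
class Entry:
    rrset: tuple        # addresses, or () for a negative entry
    negative: bool
    expires_at: float   # clock value after which the entry is stale


class FakeClock:
    """Manually advanced clock so expiry can be tested deterministically."""
    def __init__(self, t=0.0):
        self.t = t

    def __call__(self):
        return self.t


class TtlCache:
    def __init__(self, policy=None, clock=time.monotonic):
        self.policy = policy or CachePolicy()
        self.clock = clock
        self._store = {}
        self.hits = 0
        self.misses = 0

    def effective_ttl(self, upstream_ttl, negative=False):
        """Apply the policy: negative answers get neg_ttl; positive answers
        either keep the upstream TTL clamped to [min_ttl, max_ttl] or, when
        the owner's TTL is not honoured, are pinned to max_ttl."""
        p = self.policy
        if negative:
            return p.neg_ttl
        if not p.honor_ttl:
            return p.max_ttl
        return max(p.min_ttl, min(upstream_ttl, p.max_ttl))

    def put(self, name, rrset, upstream_ttl, negative=False):
        """Store an answer; returns the TTL actually applied."""
        ttl = self.effective_ttl(upstream_ttl, negative)
        self._store[name.lower()] = Entry(tuple(rrset), negative, self.clock() + ttl)
        return ttl

    def get(self, name):
        """Return the live Entry or None. Stale entries are evicted and count as misses."""
        key = name.lower()  # DNS names are case-insensitive
        entry = self._store.get(key)
        if entry is None or entry.expires_at <= self.clock():
            self._store.pop(key, None)
            self.misses += 1
            return None
        self.hits += 1
        return entry


if __name__ == "__main__":
    clk = FakeClock()
    cache = TtlCache(CachePolicy(min_ttl=30, neg_ttl=60), clock=clk)
    # Constructed answers: a 300 s record, a 5 s record the floor lifts to 30 s, and an NXDOMAIN.
    print(cache.put("grc.com", ["203.0.113.10"], 300))
    print(cache.put("short.example", ["203.0.113.11"], 5))
    print(cache.put("nope.example", [], 0, negative=True))
    clk.t = 31
    print(cache.get("GRC.com"), cache.get("short.example"), cache.get("nope.example"))
```

Raising `min_ttl` is what the post means by overriding the owner's TTL: it trades freshness (a record that moved is served stale for up to `min_ttl` seconds) for fewer upstream queries, and `neg_ttl` is the separate dial for how long a typo or a removed name keeps failing instantly from cache.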
 
Like I said I run bind and now have Acrylic DNS Proxy forward to it with no cache but use the cache on bind.

On another note, web browsers are really bad when it comes to getting DNS; they don't seem to care about TTL... I wonder if there is a way to fix that....
 
Creating some sort of a DNS race will be more overhead to the underlying OS than it would be helpful. Now you need to manage some sort of state per query per X number of servers, and what do you do if you get different answers? Who do you trust, and maybe one answer is more complete than the other?
One server provides a "no such address" answer and the 2 others say that there is one, but the first answer is faster, so who is right?
And we have not mentioned different TTLs.
Basically, in the DNS world one would expect DNS servers to be a reliable source of truth, but this is not always the case, and sometimes small bugs make different servers behave differently.

To summarize: this will be way harder to manage than querying multiple servers, not to mention cases of split DNS, which many organisations apply; it is just a new world of trouble.
 
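The objection above (one resolver says NXDOMAIN while two say there is an address, different TTLs, and "who do you trust?") and the earlier post's cross-check idea are really the same reconciliation step: once all the replies are in, decide whether they agree and what TTL to hand the client. The following is an added example, not code from the thread or from Acrylic DNS Proxy; the `Answer` type is a constructed reduction of a reply (rcode, address set, minimum TTL), and the sample replies use documentation-range addresses rather than anything grc.com actually resolves to.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Answer:
    """One resolver's reply, reduced to what a cross-check needs.
    Constructed type for this example, not the DNS wire format."""
    server: str
    rcode: str                       # "NOERROR" or "NXDOMAIN"
    rrset: frozenset = frozenset()   # A record addresses; empty for NXDOMAIN
    ttl: int = 0                     # smallest TTL in the answer section


def reconcile(answers):
    """Compare replies from several resolvers and return (verdict, details).

    verdict is "agree" (same rcode and same address set everywhere),
    "conflict" (resolvers disagree on rcode or on the address set) or
    "no_answer". On agreement the TTL passed on is the minimum seen, so the
    cached entry never outlives what any upstream was willing to vouch for.
    """
    answers = list(answers)
    if not answers:
        return "no_answer", {}
    by_server = {a.server: a for a in answers}
    rcodes = {a.rcode for a in answers}
    if len(rcodes) > 1:
        # One NXDOMAIN against two positive answers: the fastest reply is not
        # automatically the right one, so report the split instead of picking by speed.
        return "conflict", {"reason": "rcode",
                            "by_server": {s: a.rcode for s, a in by_server.items()}}
    min_ttl = min(a.ttl for a in answers)
    if rcodes == {"NXDOMAIN"}:
        return "agree", {"rcode": "NXDOMAIN", "ttl": min_ttl}
    rrsets = {a.rrset for a in answers}
    if len(rrsets) > 1:
        # A differing address set is a signal worth logging, not proof of poisoning:
        # geo-steered CDN names legitimately answer differently per resolver.
        majority, _ = Counter(a.rrset for a in answers).most_common(1)[0]
        outliers = sorted(s for s, a in by_server.items() if a.rrset != majority)
        return "conflict", {"reason": "rrset", "majority": sorted(majority), "outliers": outliers,
                            "by_server": {s: sorted(a.rrset) for s, a in by_server.items()}}
    return "agree", {"rcode": "NOERROR", "rrset": sorted(rrsets.pop()), "ttl": min_ttl}


# Constructed sample replies for grc.com; addresses are documentation ranges, not real ones.
CONSISTENT = [
    Answer("1.1.1.1", "NOERROR", frozenset({"203.0.113.10"}), ttl=300),
    Answer("8.8.8.8", "NOERROR", frozenset({"203.0.113.10"}), ttl=120),
    Answer("9.9.9.9", "NOERROR", frozenset({"203.0.113.10"}), ttl=300),
]
SPLIT_RCODE = [
    Answer("1.1.1.1", "NXDOMAIN", ttl=60),
    Answer("8.8.8.8", "NOERROR", frozenset({"203.0.113.10"}), ttl=300),
    Answer("9.9.9.9", "NOERROR", frozenset({"203.0.113.10"}), ttl=300),
]
ONE_OUTLIER = [
    Answer("1.1.1.1", "NOERROR", frozenset({"203.0.113.10"}), ttl=300),
    Answer("8.8.8.8", "NOERROR", frozenset({"198.51.100.7"}), ttl=300),
    Answer("9.9.9.9", "NOERROR", frozenset({"203.0.113.10"}), ttl=300),
]

if __name__ == "__main__":
    for label, replies in (("consistent", CONSISTENT), ("split rcode", SPLIT_RCODE),
                           ("one outlier", ONE_OUTLIER)):
        print(f"{label:12s} -> {reconcile(replies)}")
```

Note what this does to the speed argument: a cross-check can only run after the slowest resolver has answered (or timed out), so the "fastest reply wins" race and the "all replies must match" safety check pull in opposite directions. A practical middle ground is to return the first answer and run the comparison afterwards purely for alerting, which is the "notified" behaviour the earlier post asked for.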
Well, Acrylic DNS Proxy does just that: you put in many DNS servers and it fires all of them off for the fastest reply.

You're likely thinking of that other idea I had, and yes, that is a problem and likely would not work for every DNS lookup.

But in the case where that's not done, you don't have to care which the fastest reply was; it will still be valid, such that if you used 1.1.1.1 only vs 8.8.8.8 only, the fact that using both gives a different reply is just the same as if you had used one or the other.
 
Only the most pedantic pedant cares about an extra 10ms here or there on a complex web page. Most people either don't choose their DNS and get what comes with their ISP's default configuration, or else they choose it based on a feature set. I, for example, choose Quad9 for the purported safety it provides. Other people actually pay for DNS and thus would be foolish to not use the service they're paying for.