2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

Abstract

In recent years, encrypted DNS such as DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) has gained significant traction as a privacy-preserving alternative to conventional DNS. While several studies have measured the performance of encrypted DNS relative to conventional DNS, they were performed only over IPv4, and little has been done to understand its status over IPv6. Besides, previous studies cannot obtain the absolute query latency due to a lack of control over vantage points. This paper performs by far the first end-to-end performance measurements on encrypted DNS over IPv6. By analyzing the measurement results, we have gained several insights. In general, the quality of service for encrypted DNS is satisfactory. Over IPv6, encrypted DNS performance varies across resolvers and is affected by the location issuing DNS queries, the type of encrypted DNS protocol used, and the latency to resolvers. Compared with IPv4, the performance of encrypted DNS of different resolvers over IPv6 is improved to some extent. In addition, we find other problems: the quality of service of the resolver Ahadns is significantly low over both IPv6 and IPv4, and the performance of encrypted DNS for the resolver Alidns deteriorates significantly when switching from IPv4 to IPv6. Based on our observations, we provide recommendations and discuss situations in which switching to IPv6 may be beneficial. We hope that the tools we developed for performing measurements can help people in different regions choose the right recursive resolver and network environment, and that our findings can contribute to improving IPv6 Internet infrastructure and inform continuing encrypted DNS deployment over IPv6.