<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="Generator" content="Microsoft Word 15 (filtered medium)"> <style></style> </head> <body lang="PL" link="blue" vlink="purple"> <div class="WordSection1"> <p class="MsoNormal"><span lang="EN-US">Just to confirm I verified what exactly dig measures. For example, this dig takes 8ms (which is always rounded):<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">[gponikie@krk-mptoy atlas_day68_step1]$ dig +tcp example.com @1.1.1.1<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">; <<>> DiG 9.14.3 <<>> +tcp example.com @1.1.1.1<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">;; global options: +cmd<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">;; Got answer:<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14416<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">;; OPT PSEUDOSECTION:<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">; EDNS: version: 0, flags:; udp: 1452<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">;; QUESTION SECTION:<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">;example.com. IN A<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">;; ANSWER SECTION:<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">example.com. 5212 IN A 93.184.216.34<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">;; Query time: 8 msec<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">;; SERVER: 1.1.1.1#53(1.1.1.1)<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">;; WHEN: Tue Jul 09 13:17:55 CEST 2019<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt">;; MSG SIZE rcvd: 56<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="EN-US">If you check it with wireshark it looks like this:<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Andale Mono"">No. Time Source Destination Protocol Length Window size value Shift count Info<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Andale Mono""> 1 13:17:55.014898 192.168.1.83 1.1.1.1 TCP 78 65535 6 53593 → 53 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=676915370 TSecr=0 SACK_PERM=1<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Andale Mono""> 2 13:17:55.029784 1.1.1.1 192.168.1.83 TCP 74 29200 10 53 → 53593 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1412 SACK_PERM=1 WS=1024<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Andale Mono""> 3 13:17:55.029883 192.168.1.83 1.1.1.1 TCP 54 4096 53593 → 53 [ACK] Seq=1 Ack=1 Win=262144 Len=0<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Andale Mono""> <span style="background:yellow;mso-highlight:yellow">4 13:17:55.030041 192.168.1.83 1.1.1.1 DNS 108 4096 Standard query 0x3850 A example.com OPT</span><o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Andale Mono""> 5 13:17:55.038351 1.1.1.1 192.168.1.83 TCP 68 29 53 → 53593 [ACK] Seq=1 Ack=55 Win=29696 Len=0<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Andale Mono""> <span style="background:yellow;mso-highlight:yellow">6 13:17:55.038572 1.1.1.1 192.168.1.83 DNS 120 29 Standard query response 0x3850 A example.com A 93.184.216.34 OPT</span><o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Andale Mono""> 7 13:17:55.038624 192.168.1.83 1.1.1.1 TCP 54 4095 53593 → 53 [ACK] Seq=55 Ack=59 Win=262080 Len=0<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Andale Mono""> 8 13:17:55.039580 192.168.1.83 1.1.1.1 TCP 54 4096 53593 → 53 [FIN, ACK] Seq=55 Ack=59 Win=262144 Len=0<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Andale Mono""> 9 13:17:55.047201 1.1.1.1 192.168.1.83 TCP 68 29 53 → 53593 [FIN, ACK] Seq=59 Ack=56 Win=29696 Len=0<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" style="font-size:9.0pt;font-family:"Andale Mono""> 10 13:17:55.047273 192.168.1.83 1.1.1.1 TCP 54 4096 53593 → 53 [ACK] Seq=56 Ack=60 Win=262144 Len=0<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="EN-US">From this traffic looks like dig measures time between packets 4 (DNS query) and 6 (DNS response) which is precisely 8.5ms and matches what dig shows. Including TCP handshake it takes 23.7ms, 2.8x longer which is expected .<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="EN-US">RTT can be measured on different layers for the same communication stream. In case of DNS over UDP we just ignores UDP overhead because it doesn't add any packets. With TCP additional packets are added which significantly increase time that end-user have to wait from first packet to get information that he/she needs. IMO RTT should always be measured from 1<sup>st</sup> packet to packet which has information that you have actual data. If we want to measure raw DNS performance without overhead then it must be explicitly market it measurement description.<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p> <div> <p class="MsoNormal"><span lang="EN-US">Regards,<o:p></o:p></span></p> </div> <p class="MsoNormal"><span lang="EN-US">Grzegorz</span><span lang="EN-US"><o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p> <div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm"> <p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">Giovane Moura <giovane.moura@sidn.nl><br> <b>Date: </b>Friday 2019-07-05 at 14:34<br> <b>To: </b>"ripe-atlas@ripe.net" <ripe-atlas@ripe.net><br> <b>Subject: </b>[atlas] DNS RTT over TCP: twice as long than UDP?<o:p></o:p></span></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">Folks,<o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">This page at Atlas provides a great visualization on the RTT of DNS<o:p></o:p></p> </div> <div> <p class="MsoNormal">queries over TCP/UDP to the Root DNS servers:<o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal"><a href="https://atlas.ripe.net/results/maps/root-server-performance/">https://atlas.ripe.net/results/maps/root-server-performance/</a><o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">We can see that the RTT of TCP queries is at least twice as long than<o:p></o:p></p> </div> <div> <p class="MsoNormal">UDP ones (which, according to the page " TCP is expected to be 2-3 times<o:p></o:p></p> </div> <div> <p class="MsoNormal">" longer.<o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">I cannot replicate these results in my setup, even in large scale from<o:p></o:p></p> </div> <div> <p class="MsoNormal">various vantage points: I always get very similar results for either TCP<o:p></o:p></p> </div> <div> <p class="MsoNormal">or UDP. Example:<o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">UDP:<o:p></o:p></p> </div> <div> <p class="MsoNormal"> * $ dig example.nl @ns1.dns.nl<o:p></o:p></p> </div> <div> <p class="MsoNormal"> Query time: 8 msec<o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">TCP:<o:p></o:p></p> </div> <div> <p class="MsoNormal"> * $dig +tcp example.nl @ns1.dns.nl<o:p></o:p></p> </div> <div> <p class="MsoNormal"> Query time: 9 msec<o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">I think there might be something with the definition of RTT.<o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">My hypothesis is that the field *rtt* on DNS queries on Atlas[1], for<o:p></o:p></p> </div> <div> <p class="MsoNormal">TCP, is, in fact, measuring 2 RTTs: the RTT of the TCP handshake, and<o:p></o:p></p> </div> <div> <p class="MsoNormal">the RTT of query/response itself.<o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">By definition, however, RTT is "the length of time it takes for a<o:p></o:p></p> </div> <div> <p class="MsoNormal">signal to be sent plus the length of time it takes for an<o:p></o:p></p> </div> <div> <p class="MsoNormal">acknowledgement of that signal to be received."[2]. So if DNS TCP<o:p></o:p></p> </div> <div> <p class="MsoNormal">measurements starts measuring from the SYN packet, that', in fact, be<o:p></o:p></p> </div> <div> <p class="MsoNormal">two RTTs. Is this the case with Atlas?<o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">I know it may sound a bit like nitpicking, but I just want to be sure of<o:p></o:p></p> </div> <div> <p class="MsoNormal">what's exactly being measured.<o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">thanks a lot,<o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">/giovane<o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> <div> <p class="MsoNormal">[1] <a href="https://atlas.ripe.net/docs/data_struct/#v4750_dns"> https://atlas.ripe.net/docs/data_struct/#v4750_dns</a><o:p></o:p></p> </div> <div> <p class="MsoNormal">[2] <a href="https://en.wikipedia.org/wiki/Round-trip_delay_time"> https://en.wikipedia.org/wiki/Round-trip_delay_time</a><o:p></o:p></p> </div> <div> <p class="MsoNormal"><o:p> </o:p></p> </div> </div> </body> </html>