AdGuardDNS icon indicating copy to clipboard operation
AdGuardDNS copied to clipboard
verified publisher icon AdguardTeam

Issue: AdGuard DNS servers do have spikes and high latency when testing them via tools like (Smokeping, dnseval, dnsping)

Open pictosun opened this issue 1 year ago • 5 comments

Hi,

after some weeks of testing and comparing I found out, that in general the latency of AdGuard DNS servers is quite good, but it does have many spikes within.

As I do have sometimes longer waiting times for dns responses I started to make some measurements to see whats going on.

When testing via DNSdiag tools for example I do get spikes during testing.

Here some code to test yourself: (From https://dnsdiag.org/ > install for Linux) dnsping -c 50 --dnssec --flags -tls -t AAAA -s 94.140.14.49 1.1.1.1 (you can change 1.1.1.1 to some other IP/domain) dnseval --dnssec -t AAAA -f public-servers.txt -c100 -C 1.1.1.1 (public-servers.txt like you want - but you should include 94.140.14.49 and 94.140.14.59 for AdGuard DNS)

I think all requests go to german servers in my case.

As you can see from my Smokeping results it shows the same issues (especially during daytime - maybe because of high server load or many users?) The issues are only there for AdGuard DNS (see am/as > the ratio of average median and average standard deviation)

I used https://oss.oetiker.ch/smokeping/probe/DNS.en.html for the following screenshot and explanation for reading the graphs is here: https://oss.oetiker.ch/smokeping/doc/reading.en.html

Smokeping12h Smokeping10d

pictosun avatar Jul 01 '24 12:07 pictosun

But standard deviation is 0.6-0.8ms according to the chart. I wonder could it be that the test runs into the deployment on our side that causes a timeout or something like that?

As I understand, smokeping just uses dig? What if you force TCP there, will it change anything?

ameshkov avatar Jul 01 '24 14:07 ameshkov

As I understand, smokeping just uses dig? What if you force TCP there, will it change anything?

Yes. Have to look into more details concerning smokeping.

But after a short test with: dnsping -T -c 50 --dnssec --flags -tls -t AAAA -s 94.140.14.49 1.1.1.1 (Forcing TCP)

I can already see those spikes.

TCP_dnsping

pictosun avatar Jul 01 '24 14:07 pictosun

Generally, nothing wrong with dnsping results, it may happen.

For instance, when testing cloudflare DNS I see much larger spikes.

--- 1.1.1.1 dnsping statistics ---
50 requests transmitted, 50 responses received, 0% lost
min=3.754 ms, avg=13.434 ms, max=408.004 ms, stddev=56.987 ms

And at the same time I don't see any large losses from that place to AG DNS (also Frankfurt), but I am pretty sure if I wait longer I will eventually see some spikes.

--- 94.140.14.14 dnsping statistics ---
50 requests transmitted, 50 responses received, 0% lost
min=14.185 ms, avg=25.494 ms, max=49.737 ms, stddev=7.900 ms

A packet got lost and a retransmission was required thus there's a small spike, nothing out of the ordinary.

ameshkov avatar Jul 01 '24 15:07 ameshkov

I did adopt the smokeping testing to TCPPing (5 pings every 300 seconds). (https://oss.oetiker.ch/smokeping/probe/TCPPing.en.html)

These are the results for the last 12h.

TCPPing 12h

pictosun avatar Jul 02 '24 14:07 pictosun

Again those spikes during primetime.... TCPPing

pictosun avatar Jul 06 '24 17:07 pictosun