In this paper, we study the performance of encrypted DNS protocols and conventional DNS from thousands of home networks in the United States, over one month in 2020. We perform these measurements from the homes of 2,768 participating panelists in the Federal Communications Commission's (FCC) Measuring Broadband America program. We found that clients do not have to trade DNS performance for privacy. For certain resolvers, DoT was able to perform faster than DNS in median response times, even as latency increased. We also found significant variation in DoH performance across recursive resolvers. Based on these results, we recommend that DNS clients (e.g., web browsers) should periodically conduct simple latency and response time measurements to determine which protocol and resolver a client should use. No single DNS protocol nor resolver performed the best for all clients.

中文翻译：

---

加密的 DNS 可以快速吗？

在本文中，我们研究了 2020 年超过一个月的时间，来自美国数千个家庭网络的加密 DNS 协议和传统 DNS 的性能。我们在联邦通信委员会 (FCC) 的 2,768 名参与小组成员的家中进行了这些测量衡量美国宽带计划。我们发现客户不必为了隐私而牺牲 DNS 性能。对于某些解析器，即使延迟增加，DoT 的中位响应时间也能比 DNS 更快。我们还发现递归解析器的 DoH 性能存在显着差异。基于这些结果，我们建议 DNS 客户端（例如 Web 浏览器）应定期进行简单的延迟和响应时间测量，以确定客户端应使用哪种协议和解析器。