```bash
# Add Homebrew tap
brew tap taihen/dns-benchmark
# Update to latest version
brew install taihen/tap/dns-benchmark
```

Download the latest release from the releases page or build from source (see Building section below).

This command-line tool benchmarks the performance and features of DNS resolvers. It helps users identify the fastest and most reliable recursive DNS server for their current network conditions by measuring various metrics across different protocols (UDP, TCP, DoT, DoH, DoQ).
Visit taihen.org for the introductory announcement.
Warning
Ethical Querying: This tool implements safe querying practices (rate limiting, controlled concurrency) to avoid abusing public DNS services. Please use it responsibly.
- Protocols Supported:
  - UDP (default)
  - TCP (`tcp://` prefix)
  - DNS over TLS (DoT) (`tls://` prefix)
  - DNS over HTTPS (DoH) (`https://` prefix)
  - DNS over QUIC (DoQ) (`quic://` prefix)
- Metrics Measured:
  - Cached Latency: Average and Standard Deviation for resolving likely cached domains.
  - Uncached Latency: Average and Standard Deviation for resolving unique, likely uncached domains.
  - Reliability: Percentage of successful latency queries.
  - .com Latency: Latency for resolving a unique `.com` domain (`-dotcom` flag).
- Resolver Checks:
  - DNSSEC Validation: Checks if the resolver validates DNSSEC signatures (`-dnssec` flag, default: false).
  - NXDOMAIN Hijacking: Detects if the resolver redirects non-existent domains (`-nxdomain` flag, default: false).
  - DNS Rebinding Protection: Checks if the resolver blocks queries for domains resolving to private IPs (`-rebinding` flag, default: false).
  - Response Accuracy: Verifies if the resolver returns the expected IP for a known domain (requires `-accuracy-file` flag).
- Configuration:
  - Use built-in list of common public resolvers (Cloudflare, Google, Quad9, Adguard).
  - Provide a custom list of servers via file (`-f <filename>`), including protocol prefixes.
  - Include system-configured DNS servers (UDP only) (`-system` flag, default: true unless `-f` is used).
  - Adjust number of queries (`-n`, default: 50), timeout (`-t`), concurrency (`-c`), and rate limit (`-rate`).
- Output:
  - Formatted console table with results sorted by uncached latency.
  - Console summary recommending the fastest reliable server and highlighting potential issues.
  - CSV output (`-format csv`).
  - JSON output (`-format json`).
  - Option to write output to a file (`-o <filename>`).

```bash
# Using Makefile (recommended)
make build
# Or directly with Go
go build -o dns-benchmark ./cmd/main.go
```

```bash
# See all available commands
make help
# Build and run
make run
# Run tests
make test
# Format, lint, and test
make check
# Build for all platforms
make build-all
```

This will create an executable named dns-benchmark in the current directory.

```bash
# Print version information
./dns-benchmark --version
# Print usage help
./dns-benchmark -h
# Run with defaults (UDP, default servers, system DNS)
./dns-benchmark
# Run with custom server list file, 5 queries, 1s timeout
./dns-benchmark -f my_servers.txt -n 5 -t 1s
# Run with defaults, but enable .com check and output to JSON file
./dns-benchmark -dotcom -format json -o results.json
# Run with defaults, enable DNSSEC, NXDomain Hijack and Rebinding checks
./dns-benchmark -dnssec -rebinding -nxdomain
# Run accuracy check using a file (e.g., accuracy.txt containing "mydomain.com 1.2.3.4")
./dns-benchmark -accuracy-file accuracy.txt
# Get help
./dns-benchmark -h
```

- DoH requests include a `User-Agent` header: `dns-benchmark/1.0 (+https://github.com/taihen/dns-benchmark)`
- Accuracy check requires a file where each line contains a domain and its expected IP, separated by whitespace. The tool uses the first valid entry found.
- Rebinding check uses a placeholder domain (`private.dns-rebinding-test.com.`); replace this constant in the code if you have a specific test domain resolving to a private IP.
- Results reflect network conditions at the time of the test. Run multiple times for a broader picture.
- Please use responsibly and avoid excessive querying.
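
One way to interpret what a resolver returns for the rebinding test name, written as an added example and not taken from the dns-benchmark source. The function names, the verdict strings, the set of ranges treated as internal, and the treatment of an empty or `0.0.0.0` answer as filtered are assumptions of this sketch; the `inconclusive` case covers a test domain that does not actually resolve to a private IP.

```go
package main

import (
	"fmt"
	"net/netip"
)

// isInternal reports whether a is an address a public name should not
// resolve to. The set of ranges is an assumption of this example.
func isInternal(a netip.Addr) bool {
	a = a.Unmap() // treat ::ffff:192.168.1.10 like 192.168.1.10
	return a.IsPrivate() || a.IsLoopback() || a.IsLinkLocalUnicast()
}

// rebindingVerdict classifies the A/AAAA answers a resolver returned for a
// test name whose authoritative record points at a private address.
func rebindingVerdict(answers []string) (string, error) {
	sawPublic := false
	for _, s := range answers {
		a, err := netip.ParseAddr(s)
		if err != nil {
			return "", fmt.Errorf("bad answer %q: %w", s, err)
		}
		switch {
		case isInternal(a):
			return "unprotected", nil // private record reached the client
		case !a.Unmap().IsUnspecified():
			sawPublic = true
		}
	}
	if sawPublic {
		// Test name does not point at a private IP: nothing was tested.
		return "inconclusive", nil
	}
	return "filtered", nil // empty answer or 0.0.0.0/:: sinkhole
}

func main() {
	// Constructed sample answers, not captured from a real resolver.
	samples := [][]string{
		{"192.168.1.10"}, {}, {"0.0.0.0"}, {"::ffff:10.0.0.5"}, {"93.184.216.34"},
	}
	for _, ans := range samples {
		v, err := rebindingVerdict(ans)
		fmt.Println(ans, v, err)
	}
}
```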