How to Test Your DNS Speed

DNS resolution adds latency to every connection your users make. Before a browser can load your website, it needs to resolve your domain name to an IP address. That lookup takes anywhere from 1ms (cached locally) to 200ms or more (uncached, through a slow resolver). For websites that load dozens of resources from multiple domains, slow DNS compounds across every request.

Testing your DNS speed tells you whether your DNS infrastructure is a bottleneck, how different resolvers perform for your users, and whether your authoritative nameservers are responding quickly enough. This guide covers the tools and methods for measuring DNS performance accurately. For general DNS troubleshooting, see the DNS Troubleshooting Guide.

What DNS Speed Actually Means

"DNS speed" can refer to two different things, and it is important to distinguish them.

Recursive Resolver Speed

This is the speed of the DNS resolver that your device queries. It is the server configured in your network settings (or assigned by your ISP). When you test DNS speed using tools like Google's Namebench or GRC's DNS Benchmark, you are measuring how quickly different recursive resolvers respond to your queries.

Recursive resolver speed depends on:

• Network proximity: How many network hops separate you from the resolver.
• Cache hit rate: A resolver that serves a cached answer responds in under 1ms. A resolver that must query authoritative servers adds 20-100ms.
• Server load: An overloaded resolver responds slowly to all queries.
• Anycast routing: Major resolvers like Cloudflare (1.1.1.1) and Google (8.8.8.8) use anycast to route queries to the nearest data center.

Authoritative Nameserver Speed

This is the speed at which your domain's nameservers respond to queries. It affects every user who makes an uncached query for your domain, regardless of which resolver they use.

Authoritative nameserver speed depends on:

• Server location: Nameservers geographically closer to the resolver respond faster.
• Anycast deployment: DNS providers with global anycast networks respond faster from more locations.
• Zone complexity: Large zones with many records may take marginally longer to query.
• Server capacity: Overloaded nameservers respond slowly or drop queries.

Testing with dig

The dig command is the most direct way to measure DNS query time:

# Query a specific resolver
dig example.com @8.8.8.8

# The output includes query time:
;; Query time: 23 msec

The "Query time" line shows how long the DNS resolution took in milliseconds. Run the command multiple times to get a representative sample:

# Test multiple resolvers
for dns in 8.8.8.8 1.1.1.1 9.9.9.9 208.67.222.222; do
    echo "Testing $dns:"
    dig example.com @$dns | grep "Query time"
done

Testing Authoritative Nameserver Speed

Query your authoritative nameservers directly to measure their response time without resolver caching:

# Find your nameservers
dig NS example.com +short

# Query each one directly
dig example.com @ns1.dnsprovider.com | grep "Query time"
dig example.com @ns2.dnsprovider.com | grep "Query time"

Cold vs Warm Queries

The first query to a resolver for a domain is a "cold" query. The resolver has no cached answer and must query authoritative nameservers. Subsequent queries for the same domain (within the TTL) are "warm" queries served from cache.

To test cold query performance, query for a random subdomain that has never been queried before:

dig randomstring12345.example.com @8.8.8.8 | grep "Query time"

If the subdomain does not exist, you get an NXDOMAIN response, but the query time still reflects the full resolution path.

For more on using dig, see the dig Command Guide.

DNS Benchmark Tools

DNS Benchmark (GRC)

GRC's DNS Benchmark (Windows) tests the performance of DNS resolvers by sending a series of queries and measuring response times. It tests cached, uncached, and "dotcom" (TLD server) performance and ranks resolvers by speed.

The tool is free, runs as a standalone executable, and provides detailed graphs and statistics. It tests against a default list of public resolvers and your ISP's resolver.

Namebench (Google)

Namebench is an open-source DNS benchmark tool that tests resolvers and recommends the fastest one for your location. It sends thousands of queries using a list of popular domains and measures response times.

Namebench has not been updated in years, but it still works for basic resolver benchmarking.

dnsperf

For testing authoritative nameserver performance under load, dnsperf (maintained by DNS-OARC) sends queries at a configurable rate and measures latency, throughput, and error rates:

# Install dnsperf (varies by OS)
# Create a query file
echo "example.com A" > queries.txt
echo "www.example.com A" >> queries.txt
echo "mail.example.com MX" >> queries.txt

# Run benchmark against your nameserver
dnsperf -s ns1.dnsprovider.com -d queries.txt -l 30

dnsperf is the standard tool for DNS performance testing and is used by DNS providers to benchmark their infrastructure.

dnstop / queryperf

Other tools in the DNS-OARC toolkit include queryperf (similar to dnsperf) and dnstop, which monitors DNS traffic in real time and shows query rates, response times, and top queried domains.

What Good DNS Performance Looks Like

Recursive Resolver Benchmarks

For recursive resolvers, typical response times from a well-connected location:

• Cached query: less than 1ms (served from the resolver's memory)
• Uncached query to a fast authoritative server: 10-50ms
• Uncached query to a slow or distant authoritative server: 50-200ms
• Query requiring multiple resolution steps (CNAME chains, delegations): 50-150ms

If your recursive resolver consistently returns uncached queries in over 100ms, consider switching to a faster resolver.

Authoritative Nameserver Benchmarks

For authoritative nameservers, response times depend on the geographic distance between the resolver and the nameserver:

• Same continent, anycast provider: 5-20ms
• Cross-continent, anycast provider: 20-80ms
• Single-location nameserver, same region: 5-30ms
• Single-location nameserver, cross-continent: 100-250ms

Major DNS providers (Cloudflare, Route 53, Google Cloud DNS, NS1) typically respond in under 30ms from most locations worldwide due to their anycast networks.

Factors That Affect DNS Speed

TTL Values

TTL (Time to Live) determines how long resolvers cache your records. Higher TTLs mean more queries are served from cache (fast) rather than hitting your authoritative servers (slower). Lower TTLs mean more uncached queries.

A TTL of 300 seconds (5 minutes) means resolvers query your authoritative servers at most every 5 minutes per record. A TTL of 86400 seconds (24 hours) means at most once per day.

For most websites, a TTL of 300-3600 seconds balances freshness with cache performance. See DNS Caching and TTL for details.

CNAME Chains

A CNAME record adds an extra resolution step. If www.example.com is a CNAME to example.com.cdn.provider.com, the resolver must first resolve the CNAME, then resolve the target. Each step adds latency.

Avoid CNAME chains (a CNAME pointing to another CNAME pointing to another CNAME). Each link in the chain adds a resolution step.

DNS Provider Network

The geographic distribution of your DNS provider's nameservers directly affects response times for users worldwide. A provider with nameservers only in the US will respond slowly to queries from Asia or Europe. A provider with anycast nodes on every continent responds quickly everywhere.

DNSSEC

DNSSEC adds cryptographic validation to DNS responses, which increases response sizes and may add a small amount of latency for the validation step at the resolver. The impact is typically minimal (a few milliseconds) but measurable under load testing.

Improving DNS Speed

Switch to a Faster Resolver

If your ISP's resolver is slow, switch to a public resolver with better performance from your location. Popular options:

• Cloudflare DNS (1.1.1.1, 1.0.0.1): Consistently among the fastest globally.
• Google Public DNS (8.8.8.8, 8.4.4.8): Fast and reliable with global anycast.
• Quad9 (9.9.9.9): Includes built-in malware filtering.

See Public DNS Providers for a full comparison.

Choose a DNS Provider with Global Anycast

For your authoritative nameservers, choose a provider with a large anycast network. This ensures that queries from any location are answered by a nearby server.

Optimize TTL Values

Increase TTL values for records that change infrequently. Your domain's A record for the main website probably does not change daily, so a TTL of 3600 or higher reduces the number of uncached queries and improves the user experience.

Reduce CNAME Chains

Where possible, use A/AAAA records instead of CNAMEs. If you must use a CNAME, keep the chain to a single hop.

Prefetch DNS in Your HTML

Add DNS prefetch hints to your web pages for third-party domains:

<link rel="dns-prefetch" href="//cdn.example.com">
<link rel="dns-prefetch" href="//analytics.example.com">

This tells the browser to resolve these domains in the background before they are needed, reducing perceived latency.

Monitoring DNS Speed Over Time

One-off tests give you a snapshot, but DNS performance fluctuates. Network conditions change, resolvers get upgraded or overloaded, and your DNS provider's infrastructure evolves.

Set up ongoing monitoring that measures DNS response times at regular intervals from multiple locations. This reveals performance trends, identifies degradations, and provides baseline data for comparison.

For continuous monitoring of your DNS records and performance, see DNS Monitoring Explained.

References

1. GRC, "DNS Benchmark," https://www.grc.com/dns/benchmark.htm
2. DNS-OARC, "dnsperf," https://www.dns-oarc.net/tools/dnsperf
3. Cloudflare, "1.1.1.1 DNS Resolver," https://developers.cloudflare.com/1.1.1.1/
4. RFC 1035, "Domain Names - Implementation and Specification," November 1987. https://datatracker.ietf.org/doc/html/rfc1035