DNS over TLS and a weird behavior UDP vs TCP
I spent quite some time trying to figure out why UDP DNS lookups (which are the default) were slower than TCP lookups on all the Macs in my home network, as confirmed by comparing
dig @220.127.116.11 somedomain.com with
dig @18.104.22.168 somedomain.com +tcp.
I still haven't figured that one out. TCP lookups are consistently faster than UDP ones, and it should be the opposite. I tried different MTU settings to no avail.
Since I was looking into DNS stuff, I switched to DNS over TLS using Stubby, and I was surprised because DNS lookups are MUCH faster now than regular lookups.
So I have two questions for any DNS experts here:
- What could cause UDP lookups to be slower than TCP lookups? Can it be a problem with the router/switch I was given by my ISP?
- Why are DoT lookups faster than regular lookups? I wasn't expecting that due to the overhead of the encryption.
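To make the comparison in the post reproducible outside dig, here is an added example (not code from the original post) that builds a raw DNS query, sends the same query over UDP, over TCP and over DNS over TLS, and times each exchange. The transport differences it exercises are the ones the post is asking about: UDP carries the bare message, TCP and DoT prefix it with a two-byte length, and DoT wraps the TCP stream in TLS on port 853. The resolver addresses 192.0.2.1 / 192.0.2.2, the DoT hostname dot.example and the domain name are placeholders to replace with your own.

```python
"""Time one DNS lookup over plain UDP, plain TCP and DNS over TLS (DoT).

Added example, not code from the original post. The resolver addresses,
the DoT hostname and the domain name used under __main__ are placeholders.
"""
import socket
import ssl
import struct
import time

TXID = 0x1234  # fixed transaction id so replies can be matched in tests


def build_query(name: str, qtype: int = 1, txid: int = TXID) -> bytes:
    """Build a minimal RFC 1035 query: RD set, one question, no EDNS OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP, and therefore DoT, prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg


def parse_response(resp: bytes, txid: int = TXID) -> dict:
    """Decode the header of a reply and check that it matches our query."""
    if len(resp) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    return {
        "is_response": bool(flags & 0x8000),  # QR bit
        "truncated": bool(flags & 0x0200),    # TC bit: the UDP reply did not fit
        "rcode": flags & 0x000F,
        "answers": an,
    }


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes from a stream socket (TCP may deliver in pieces)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf


def query_udp(server: str, name: str, timeout: float = 2.0):
    """Send one query over UDP/53; returns (seconds, parsed header)."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t0 = time.perf_counter()
        s.sendto(q, (server, 53))
        resp, _ = s.recvfrom(4096)
        return time.perf_counter() - t0, parse_response(resp)


def query_stream(server: str, name: str, port: int = 53,
                 tls_hostname: str = None, timeout: float = 2.0):
    """Send one query over TCP, or over TLS when tls_hostname is given (DoT).

    The timing deliberately includes the TCP (and TLS) handshake: that is
    the cost paid on a fresh connection, which is what a single dig +tcp does.
    """
    q = tcp_frame(build_query(name))
    t0 = time.perf_counter()
    sock = socket.create_connection((server, port), timeout=timeout)
    try:
        if tls_hostname is not None:
            ctx = ssl.create_default_context()  # verifies the resolver's certificate
            sock = ctx.wrap_socket(sock, server_hostname=tls_hostname)
        sock.sendall(q)
        (length,) = struct.unpack("!H", _recv_exact(sock, 2))
        resp = _recv_exact(sock, length)
    finally:
        sock.close()
    return time.perf_counter() - t0, parse_response(resp)


if __name__ == "__main__":
    # Placeholders: your router's resolver, and a DoT resolver with its cert name.
    name = "somedomain.com"
    print("udp", query_udp("192.0.2.1", name))
    print("tcp", query_stream("192.0.2.1", name))
    print("dot", query_stream("192.0.2.2", name, port=853, tls_hostname="dot.example"))
```

Run it a few times in a row against each resolver, since a single sample is dominated by cache state. Two things to watch in the output: the query carries no EDNS OPT record, so any reply larger than 512 bytes comes back over UDP with the TC bit set, and a real stub resolver then repeats the lookup over TCP, which counts against the UDP path; and the DoT timing here includes a full TLS handshake per query, whereas a resolver like Stubby keeps its TLS connection open and reuses it, so its per-lookup cost is closer to the TCP number than to a cold DoT connection.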