As part of further comprehensive DNS research, this shares a snapshot of DNS response times for IPv6 and IPv4 Internet protocols and UDP and TCP transport protocols when auditing the 100 largest banks' domains during the week of August 25, 2019. These banks, as defined in the S&P Global Bank ranking (2018) based on total assets, range from ABN AMRO Group NV to Woori Bank.
This study represented 917 bank-related domains, such as aaanetaccess.com and abchina.com to yapikredi.com.tr and zaba.hr. (The domains included official domains, location-specific domains, infrastructure domains, subsidiary domains, and even some old domains from mergers or past names which are still registered.) This represents 7545 attempted root server queries, 19506 TLD queries, and 24086 other queries made to 2187 nameservers (as combined from two test systems). (No names were four or more levels deep.)
(While this study shows limited results from our ongoing banks research, we also do extensive DNS audits of Fortune 500 and US government and military domains and nameservers. Separate studies report on DNSSEC coverage, algorithm use, timings, IPv6 versus IPv4 coverage, lame servers, and more.)
To help separate outliers, the following graphs show four equally-sized groups with the average times in seconds for the first (fastest), second, third, and fourth (slowest) grouped responses --- and total averages. These graphs show the query times for the root servers, TLD nameservers, and the nameservers (and a few intermediary servers) hosting the banks' domains. Overall, the IPv4/UDP queries had the fastest responses and IPv4/TCP was over twice as slow.
The fastest single response in this run was IPv4/UDP querying for easycredit.de using its dns.noris.de nameserver (22.214.171.124) in 0.0008032321 seconds (less than a millisecond). (It was 7 hops away.)
The slowest working query (not including timeouts) was IPv4/TCP query for bankaustria.at using a b.root-servers.net nameserver (126.96.36.199) in 9.3808059692 seconds.
The ten fastest banks' average response times for all protocol types combined for only their authoritative or intermediary nameservers (and not roots or TLDs) were:
The ten slowest were:
(Of course this is only a single study from a couple of our European locations.)
Our DNS tests include DNSSEC auditing, and many checks based on common server limits, registry policies, US government mandates, and Internet standards requirements and best practices. As a related example, its checks for nameserver/domain combinations that are slower than the common 5 second timeout and are slower than a 98th percentile for our recorded IPv4, IPv6, UDP, and TCP combinations.
In this run, 17 successful responses was slower than the common timeout default of 5 seconds. For timeouts (giving up at 11 seconds), there were 362 IPv4/UDP timeouts (0.75% of the total queries), 219 IPv6/UDP timeouts (0.45%), 100 IPv6/TCP timeouts (0.2%), and 1194 IPv4/TCP timeouts (2.47%).
Only 216 out of 10789 queries in this study were slower than our 98th percentile for IPv4/UDP (0.2846076488 seconds).
Only 266 out of 13261 responses in this study were slower than our 98th percentile for IPv6/UDP (0.2945294380 seconds).
Only 220 out of 10974 responses in this study were slower than our 98th percentile for IPv4/TCP (0.6711165904 seconds).
Only 265 out of 13209 responses in this study were slower than our 98th percentile for IPv6/TCP (0.5896596908 seconds).
(This 98th percentile is adjusted periodically for each testing system.)
Checks like these can help identify potential problems for nameserver operators.
If you are interested in our full DNS audit service with over 70 measurements and checks (with cited references and supplemental consulting), please contact us.