Query Times Report 2019-08 for Top 100 Banking Institutions

As part of further comprehensive DNS research, this report shares a snapshot of DNS response times over the IPv6 and IPv4 Internet protocols and the UDP and TCP transport protocols, measured while auditing the 100 largest banks' domains during the week of August 25, 2019. These banks, as defined in the S&P Global Bank ranking (2018) based on total assets, range from ABN AMRO Group NV to Woori Bank.

This study covered 917 bank-related domains, from aaanetaccess.com and abchina.com to yapikredi.com.tr and zaba.hr. (The domains included official domains, location-specific domains, infrastructure domains, subsidiary domains, and even some old domains from mergers or past names which are still registered.) This represents 7545 attempted root server queries, 19506 TLD queries, and 24086 other queries made to 2187 nameservers (as combined from two test systems). (No names were four or more levels deep.)

(While this study shows limited results from our ongoing banks research, we also do extensive DNS audits of Fortune 500 and US government and military domains and nameservers. Separate studies report on DNSSEC coverage, algorithm use, timings, IPv6 versus IPv4 coverage, lame servers, and more.)

To help separate outliers, the following graphs show four equally sized groups with the average times in seconds for the first (fastest), second, third, and fourth (slowest) responses, plus total averages. These graphs show the query times for the root servers, TLD nameservers, and the nameservers (and a few intermediary servers) hosting the banks' domains. Overall, the IPv4/UDP queries had the fastest responses and IPv4/TCP was over twice as slow.

NOTES:

  • These are all SOA record type queries.
  • This excludes queries that timed out (11 seconds) or failed.
  • This also includes third-level delegations that aren't authoritative.
  • Each query was done twice, once from each of two different networks (ASN 24940 in Germany and ASN 24669 in the UK). (We also have other systems globally.)
  • This excludes TCP queries that followed any successful UDP truncated results.
  • These graphs don't show quarters of the year. They are like quartiles showing the response times as averages for four groupings of the results. These show a large performance drop for the 25% slowest responses.
  • Later, we may provide charts for specific TLDs/ccTLDs, specific root servers, different record types, popular third-party DNS hosting services, etc. (We don't plan to target the root servers or TLDs as much though.)

For Fun:

The fastest single response in this run was IPv4/UDP querying for easycredit.de using its dns.noris.de nameserver (192.109.102.65) in 0.0008032321 seconds (less than a millisecond). (But it is only 7 hops away.)

The slowest working query (not including timeouts) was IPv4/TCP query for bankaustria.at using a b.root-servers.net nameserver (199.9.14.201) in 9.3808059692 seconds.

The ten fastest banks' average response times for all protocol types combined for only their authoritative or intermediary nameservers (and not roots or TLDs) were:

  1. 0.0131477 Lloyds Banking Group PLC
  2. 0.0148316 Canadian Imperial Bank of Commerce
  3. 0.0153196 Bank of New York Mellon Corp.
  4. 0.0156586 Citigroup Inc.
  5. 0.0160107 Royal Bank of Scotland Group PLC
  6. 0.0160298 Goldman Sachs Group Inc.
  7. 0.016814 Nationwide Building Society
  8. 0.020589 Credit Agricole Group
  9. 0.0244914 Crédit Mutuel Group
  10. 0.0270237 CaixaBank SA

The ten slowest were:

  • 0.397229 KB Financial Group Inc
  • 0.400824 NongHyup Financial Group Inc.
  • 0.409219 Japan Post Bank Co. Ltd.
  • 0.438898 Bank of Jiangsu Co. Ltd.
  • 0.442087 Industrial and Commercial Bank of China Ltd.
  • 0.44838 China Minsheng Banking Corp. Ltd
  • 0.452263 China Merchants Bank Co Ltd.
  • 0.453609 Postal Savings Bank of China Co. Ltd.
  • 0.479645 Bank of China Ltd
  • 0.623609 Bank of Shanghai Co. Ltd.

(Of course this is only a single study from a couple of our European locations.)

Our DNS tests include DNSSEC auditing, and many checks based on common server limits, registry policies, US government mandates, and Internet standards requirements and best practices. As a related example, the tests check for nameserver/domain combinations that are slower than the common 5 second timeout and that are slower than a 98th percentile for our recorded IPv4, IPv6, UDP, and TCP combinations.

In this run, 17 successful responses were slower than the common timeout default of 5 seconds. For timeouts (giving up at 11 seconds), there were 362 IPv4/UDP timeouts (0.75% of the total queries), 219 IPv6/UDP timeouts (0.45%), 100 IPv6/TCP timeouts (0.2%), and 1194 IPv4/TCP timeouts (2.47%).

Only 216 out of 10789 queries in this study were slower than our 98th percentile for IPv4/UDP (0.2846076488 seconds).

Only 266 out of 13261 responses in this study were slower than our 98th percentile for IPv6/UDP (0.2945294380 seconds).

Only 220 out of 10974 responses in this study were slower than our 98th percentile for IPv4/TCP (0.6711165904 seconds).

Only 265 out of 13209 responses in this study were slower than our 98th percentile for IPv6/TCP (0.5896596908 seconds).

(This 98th percentile is adjusted periodically for each testing system.)

Checks like these can help identify potential problems for nameserver operators.
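
As an added illustration (not the code used for this study), the Python sketch below applies the two summaries described in this report to constructed sample timings: the four equally sized groups with their averages, and the slow-response checks against the 5 second timeout and the 98th percentile values quoted above. The nameserver and domain names, the sample timings, and the function names are assumptions made for the example.

```python
from statistics import mean

TIMEOUT_S = 11.0        # give-up time from the report; timed-out queries are excluded
COMMON_TIMEOUT_S = 5.0  # the common timeout default cited in the report

# 98th percentile thresholds (seconds) quoted in the report.
P98 = {
    ("IPv4", "UDP"): 0.2846076488,
    ("IPv6", "UDP"): 0.2945294380,
    ("IPv4", "TCP"): 0.6711165904,
    ("IPv6", "TCP"): 0.5896596908,
}

# Constructed samples: (nameserver, domain, family, transport, seconds or None).
# None marks a query that timed out or failed.
SAMPLES = [
    ("ns1.bank.example", "bank.example", "IPv4", "UDP", 0.012),
    ("ns2.bank.example", "bank.example", "IPv4", "UDP", 0.020),
    ("ns1.bank.example", "bank.example", "IPv6", "UDP", 0.030),
    ("ns2.bank.example", "bank.example", "IPv6", "UDP", 0.040),
    ("ns1.bank.example", "bank.example", "IPv4", "TCP", 0.050),
    ("ns2.bank.example", "bank.example", "IPv4", "TCP", 0.700),
    ("ns1.bank.example", "bank.example", "IPv6", "TCP", 0.300),
    ("ns2.bank.example", "bank.example", "IPv6", "TCP", 6.100),
    ("ns3.bank.example", "bank.example", "IPv4", "UDP", None),
]

def quartile_averages(times):
    """Return ([avg fastest .. avg slowest], total avg) over four equal groups."""
    ok = sorted(t for t in times if t is not None and t < TIMEOUT_S)
    if len(ok) < 4:
        raise ValueError("need at least four successful responses")
    n = len(ok)
    bounds = [i * n // 4 for i in range(5)]  # group edges in the sorted list
    groups = [ok[bounds[i]:bounds[i + 1]] for i in range(4)]
    return [mean(g) for g in groups], mean(ok)

def flag_slow(samples):
    """List nameserver/domain combinations that trip either slow-response check."""
    flagged = []
    for ns, domain, family, transport, secs in samples:
        if secs is None:
            continue  # timeouts are counted separately, not flagged as slow
        reasons = []
        if secs > COMMON_TIMEOUT_S:
            reasons.append("over 5 s common timeout")
        if secs > P98[(family, transport)]:
            reasons.append("over 98th percentile")
        if reasons:
            flagged.append((ns, domain, family, transport, reasons))
    return flagged
```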

If you are interested in our full DNS audit service with over 70 measurements and checks (with cited references and supplemental consulting), please contact us.