Skip to content(if available)orjump to list(if available)

Show HN: DNS Benchmark Tool – Compare and monitor resolvers

Show HN: DNS Benchmark Tool – Compare and monitor resolvers

11 comments

·November 19, 2025

I built a CLI to benchmark DNS resolvers after discovering DNS was adding 300ms to my API requests.

v0.3.0 just released with new features: compare: Test single domain across all resolvers top: Rank resolvers by latency/reliability/balanced monitor: Continuous tracking with threshold alerts

1,400+ downloads in first week.

Quick start: pip install dns-benchmark-tool dns-benchmark compare --domain google.com

CLI stays free forever. Hosted version (multi-region, historical tracking, alerts) coming Q1 2026.

GitHub: https://github.com/frankovo/dns-benchmark-tool Feedback: https://forms.gle/BJBiyBFvRJHskyR57

Built with Python + dnspython. Open to questions and feedback!

Visit

WarOnPrivacy

The Spinrite guy was the first to do this (I think). https://www.grc.com/dns/benchmark.htm

That said, more options are good. I'll give this one a go.

whalesalad

Works on Linux with Wine too =)

null

[deleted]

1970-01-01

Here's my take. Ads will happily eat 300ms per webpage if you allow them to load. A fast DNS is great, but an adblocking DNS will save you much more time if you're just browsing.

m3047

DNS is utilized for many things besides looking up web sites (and consequently ads on web sites). DNS was used for many things etcd was invented to solve, and still is by many. Adblocking is kidstuff; the bearded, motorcycle riding, gun-shooting, jumping out of airplanes and hanging off of rocks jackals use a "DNS firewall" (just posted this the other day): https://www.dnsrpz.info/ and Dnstap for application-level DNS logging.

jeffbee

I doubt that your conclusion is correct (because local DNS resolvers that consult blocklists are often surprisingly slow) but I think your theory of the matter is accurate. The raw speed of the DNS server is almost irrelevant because there are other much larger systemic performance issues at stake. For example Cloudflare does not forward EDNS to the origin, so the records it returns are suboptimal for services that use DNS-based service affinity. It doesn't make a difference to me if Cloudflare is a few microseconds faster — and by the way I sincerely doubt that this python program is observing meaningful microsecond-scale differences — because overall it makes applications slower.

PcChip

is this similar to the GRC tool?

jeffbee

You are, presumably, already familiar with the ISC Looking Glass?

https://isc.sans.edu/api/dnslookup/google.com

johng

Very neat tool!

mrngm

https://github.com/farrokhi/dnsdiag is another great toolbox for looking into DNS problems.

m3047

Things built with asyncio and dnspython are close to my heart. ;-)

So, my impression from the doc (and a quick browse of the code) is that this is a tool for monitoring DNS caching / recursing resolver (RD) performance, not authoritative. If performance really matters to you, you should be running your own resolver(s). [0] Granted, you will quickly realize that some outfits running auth servers seem to understand that they're dependent on caching / recursing resolvers, and some are oblivious. Large public servers (recursing and auth) tend to "spread the pain" and so most people don't feel the bumps; but when they fall over they fall over large, and they bring some principles (and thereby create "vulnerabilities") at odds with what the DNS was architected for and throw the mitigation on the other operators, including operators who never accepted these self-anointed principles to begin with.

I have a hard time understanding how DNS is adding 300ms to every one of your API requests... unless DNS is both the API and transport, or you're using negative TTLs /s.

Good doc, by the way.

[0] Actual resolvers. Not forwarders.