DNS Shotgun is a bechmarking tool specifically developed for realistic performance testing of DNS resolvers. Its goal is to simulate real clients and their behaviour, including timing of queries and realistic connection management, which are areas where traditional tools are lacking.
In this post, we describe the differences between the two widespread protocols for DNS encryption: DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). We compare the technical aspects of those protocols as well as their implications on user privacy. We also introduce Knot Resolver’s new built-in DoH support and explain some of our design decisions behind DoH.