Performance vs nextdns cli on the same device

@timkgh commented on Mon Sep 13 2021

Issue Details

Version of AdGuard Home server: v0.106.3
How did you install AdGuard Home: manual, just run the executable on an EdgeRouter ER-12
How did you setup DNS configuration: router
If it's a router or IoT, please write device model: EdgeRouter ER-12
CPU architecture: mips64_softfloat
Operating system and version: EdgeOS v2.0.9-hotfix.2

Expected Behavior

Should be as fast as possible

Actual Behavior

Running nextdns cli and AGH on the same device. Both are doing caching. Sending the same query for cached entries, multiple times:

nextdns consistently responds in <1ms, 0ms as reported by dig query time
AGH fluctuates between 3-11ms, as reported by dig query time The client is on the same LAN, Linux machine wired to the router, typical ping time between the 2 is 0.2ms These queries do not go to the upstream servers, they are all cached. The first query is slower because it does go to the upstream, but I'm only looking at subsequent queries, once cached.

FWIW, if I enable verbose logging for AGH, it is even slower, but that's fine, not too concerned about it as I would not be running it like that in general.

Any ideas why the difference? While 11ms is not a lot in general, it is on the LAN when I expect the cache to already have the answer and when I compare it to nextdns cli, also written in Go.

@ameshkov commented on Tue Sep 14 2021

Hi, what's your complete configuration? Blocklists, browsing security, parental control?

@timkgh commented on Wed Sep 15 2021

The default adguard block list plus browsing security and parental control options checked. I disabled browsing security and parental control and it's not any faster. These entries should be cached. Do they still get checked on every request once cached? I would think it should be super fast to just serve an answer from the cache (the cache is also small, just a few entries as I'm not using it for more than testing right now).

FWIW, the query time numbers I consistently see are 3ms, 7ms, 11ms, nothing else :)

@timkgh commented on Tue Sep 14 2021

Looking at verbose logging, I can answer my own question above, once cached these entries are fast to check against browsing security and parental control, e.g.

2021/09/14 17:12:31.641503 24328#77 [debug] SafeBrowsing: found in cache: google.com: not blocked
2021/09/14 17:12:31.642119 24328#77 [debug] github.com/AdguardTeam/AdGuardHome/internal/dnsfilter.(*DNSFilter).checkSafeBrowsing(): SafeBrowsing lookup for google.com; Elapsed time: 0ms

2021/09/14 17:12:31.642751 24328#77 [debug] Parental: found in cache: google.com: not blocked
2021/09/14 17:12:31.643416 24328#77 [debug] github.com/AdguardTeam/AdGuardHome/internal/dnsfilter.(*DNSFilter).checkParental(): Parental lookup for google.com; Elapsed time: 0ms

@timkgh commented on Tue Sep 14 2021

One more data point, I also tried running it on a Netgear R7800 armv7 running OpenWRT. I see roughly the same behavior: 3ms and 7ms response times, but no 11ms ...

AdguardTeam / dnsproxy