r7800 - Stubby vs DNSCrypt-Proxy Performance?

[Restalfep]

I was thinking of running either Stubby or DNSCrypt-Proxy on my router instead of on the Pi (currently running PiHole).

Is there any difference in performance between Stubby or DNSCrypt-Proxy? I saw some posts saying that DNSCrypt-Proxy was faster when compared (using Cloudflare on both to equal testing). Is this correct or just too many variables? Trying to decide which to go with.

Thanks.

 

[kamoj]

With Voxel FW you have 3 built-in alternatives:
Stubby, DNSCrypt-Proxy v1, DNSCrypt-Proxy v2.

A problem with testing is e.g. that there is caching in the router e.g. through dnsmasq,
so check both cached and non-cached performance.

You can try this program for good and for bad (some people like it, some don't):
https://www.grc.com/dns/benchmark.htm

Please post your findings/tests here!

I was thinking of running either Stubby or DNSCrypt-Proxy on my router instead of on the Pi (currently running PiHole).

Is there any difference in performance between Stubby or DNSCrypt-Proxy? I saw some posts saying that DNSCrypt-Proxy was faster when compared (using Cloudflare on both to equal testing). Is this correct or just too many variables? Trying to decide which to go with.

Thanks.

 

[Restalfep]

Thanks. It seems every time I try my internet goes down. Maybe some conflict with Pihole. I will just go without DNS TLS/HTTPS for now.

 

[kamoj]

Ok, maybe you can skip the pihole eventually.
The R7800 is powerful and can do many things. Even run Debian and Entware.
Good Luck!

 

[Restalfep]

Ok, maybe you can skip the pihole eventually.
The R7800 is powerful and can do many things. Even run Debian and Entware.
Good Luck!

Thanks, yes I'm sure there is a better way, perhaps getting pihole right on r7800. Not that pihole is a necessity, but it is a "nice-to-have feature" haha.

 

[Voxel]

Is there any difference in performance between Stubby or DNSCrypt-Proxy?

Theoretically Stubby should be faster. Because Stubby is using getdns package (libgetdns) and getdns is using OpenSSL for encryption. OpenSSL in my version is accelerated especially for this kind of CPU (using neon instructions).

DNSCrypt-Proxy (v2) is something like "everything inside" including own encryption module, not using any other packages. No special boost for this CPU.

But I do use DNSCrypt-Proxy v2 because of its concrete servers close to my location and because of this it is faster for me.

Voxel.

 

[routine]

I read that stubby hasn't an internal dnscache so the same queries may be slower if repeated compared to dnscrypt but I'm not sure about this...
Beyond the performances, DNS over tls uses port 853 (stubby) , DNS over HTTPS uses port 443 (dnscrypt).
It would be harder for an ISP to block port 443... even if it is easy to block an IP.
I think it would be better to use dnscrypt.
here are pros and cons: https://dnscrypt.info/faq