Download now

DNS Benchmark for IT Professionals — Technical DNS Server Analysis

· 10 min read

For a home user, DNS is something that “just works.” For an IT professional, DNS is critical infrastructure — responsible for all name resolution in the corporate network, often the first suspect when something is mysteriously slow, and the most underestimated component in performance diagnostics.

This article is for sysadmins, network engineers, and IT analysts who want to use DNS Benchmark systematically to audit, diagnose, and optimize corporate DNS infrastructure.

If you need a quick refresher on the user-facing metrics behind these audits, review what DNS jitter means and the public baseline in our Cloudflare vs Google DNS comparison.

Why test DNS in corporate environments?

The obvious answer is: because slow DNS means slow internet for the entire organization. But there are more subtle reasons:

Accumulated latency: in environments with many DNS requests (SaaS, cloud, microservices), DNS latency accumulates. An application that makes 50 DNS requests per user session with 80ms latency each is adding 4 seconds of DNS overhead per session — easily overlooked in surface-level diagnostics.

Detecting internal DNS problems: organizations using Active Directory, internal recursive resolvers, or split-horizon DNS often have performance issues in internal DNS that DNS Benchmark can quantify.

Baseline for changes: before switching ISPs, migrating to the cloud, or changing network infrastructure, having a DNS latency baseline enables objective post-migration comparison.

Compliance and security: knowing exactly which DNS resolvers are being used is important for security audits, especially in environments that need to ensure all DNS traffic passes through internal or approved servers.

Metrics that matter for IT

DNS Benchmark collects the following technical metrics:

MetricDescriptionAcceptable threshold
Min latencyAbsolute best case< 5ms (internal), < 20ms (external)
Avg latencyTypical experience< 10ms (internal), < 30ms (external)
P95 latency95% of requests stay below this< 20ms (internal), < 50ms (external)
P99 latency99% of requests stay below this< 50ms (internal), < 100ms (external)
JitterVariation between measurements< 5ms (internal), < 15ms (external)
Availability% of requests that received a response> 99.9%

For critical corporate environments, internal thresholds are stricter because internal DNS should be faster than any external server — if it isn’t, there’s an architectural problem.

Testing internal DNS servers and corporate resolvers

DNS Benchmark allows adding custom servers beyond the default list. This is essential for auditing:

  • Internal recursive resolvers (e.g., Windows DNS Server, BIND, Unbound)
  • DNS forwarders configured in the firewall
  • ISP DNS servers
  • Fallback DNS for redundancy

To test an internal resolver, add the server IP directly in the app. You can compare the internal resolver latency against public servers — if the internal resolver is slower than Cloudflare 1.1.1.1 for external domains, this indicates that external query forwarding is suboptimal.

DoH vs DoT vs Classic DNS — security considerations

In corporate environments, the choice of DNS protocol has security and visibility implications:

Classic DNS (UDP/TCP port 53)

  • Advantage: universal support, easy to monitor with network tools.
  • Disadvantage: unencrypted, vulnerable to interception and cache poisoning.
  • Recommended use: communication between internal resolvers within the corporate network (trusting the perimeter).

DNS over TLS (DoT, port 853)

  • Advantage: encrypted, server authentication, natively supported on Android and Linux.
  • Disadvantage: port 853 may be blocked by legacy firewalls; requires TLS infrastructure.
  • Recommended use: communication between managed devices and the organization’s DNS resolvers.

DNS over HTTPS (DoH, port 443)

  • Advantage: traffic runs on port 443 (HTTPS), rarely blocked; high security.
  • Disadvantage: makes monitoring and filtering harder — DNS traffic is mixed with HTTPS.
  • Recommended use: remote users and BYOD where there is no full device control.

Important architectural decision: if your organization needs to inspect DNS traffic (for DLP, compliance, or filtering), DoH represents a challenge — devices using DoH with external resolvers may bypass corporate DNS controls. The solution is to implement an internal DoH resolver or block DoH to non-approved resolvers.

How to export and document results

DNS Benchmark maintains a history of all tests performed. For professional documentation purposes:

  1. Run the test under production conditions (same typical usage time, same network).
  2. Repeat 3–5 times on different days to identify typical vs. anomalous variations.
  3. Export the results using the app’s sharing function.
  4. Compare the numbers against the thresholds defined by the IT team.

For technical reports, the most relevant data are: average latency, P95, jitter, and availability for each server tested.

Use cases

Diagnosing network slowness

Symptom: users report that web applications are slow, but speed tests show adequate bandwidth.

Approach with DNS Benchmark:

  1. Run the test on affected users’ devices.
  2. Compare the internal resolver latency against public servers.
  3. If the internal resolver is >3x slower than public servers for external domains, the issue may be in external query forwarding.
  4. Check whether the internal resolver is overloaded, has insufficient cache memory, or has connectivity problems with its configured forwarders.

Before/after ISP switch comparison

Scenario: migration from ISP A to ISP B, with ISP DNS servers used as external resolvers.

Approach:

  1. Run DNS Benchmark before the migration and save the results as a baseline.
  2. After migration, run it again.
  3. Compare latency and jitter from ISP A vs ISP B resolvers for the most accessed domains in the organization.
  4. If ISP B has worse DNS, consider using independent resolvers (Cloudflare, Quad9) as an alternative.

Continuous monitoring with alerts

For environments that need proactive DNS monitoring, DNS Benchmark can be part of a diagnostics toolkit. Combined with monitoring tools like Zabbix, Nagios, or Datadog, you can:

  1. Use DNS Benchmark to identify normal latency thresholds.
  2. Configure alerts in monitoring tools when DNS latency exceeds those thresholds.
  3. Use DNS Benchmark for quick diagnosis when an alert fires.

Integrating DNS Benchmark into the support workflow

For helpdesk and L1/L2 support teams, DNS Benchmark is a quick triage tool:

Network diagnostics checklist with DNS Benchmark:

  • Run a DNS test and verify that latency is within expected thresholds
  • Verify that the device is using the correct resolver (internal vs. external)
  • Compare the result against the documented baseline for that network
  • If DNS latency is high, escalate to L2 with the test data

Having objective DNS data available at first contact reduces resolution time and facilitates escalation with precise information, avoiding the classic cycle of “I couldn’t reproduce the issue.”

For support or technical documentation for DNS Benchmark, review the DNS Benchmark app overview, the step-by-step workflow, or contact us through the app store.

Test your DNS now

Download DNS Benchmark for free and find the fastest server for your network.

Download DNS Benchmark on Google Play Download DNS Benchmark on the App Store