Resolver Benchmarks

How Cloudflare, Google, and Quad9 compare on speed — and why your ISP's resolver is probably slower than all of them

Measuring DNS resolver speed

DNSPerf is the industry-standard benchmarking service for DNS performance. Their methodology provides the most comparable data across providers:

| Parameter | Detail |
| --- | --- |
| Test locations | 200+ probing nodes distributed globally |
| Measurement frequency | Queries sent every minute from each location |
| Query types | A records for a rotating set of popular domains |
| Metrics captured | Response time (ms), uptime (%), query success rate |
| Reporting | Aggregated globally and by continent |

DNSPerf measures the full round trip from probe to resolver and back, capturing real-world network latency rather than just server processing time.

The global leaderboard

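| Resolver | IP address | Global avg | North America | Europe | Asia | Uptime |
| --- | --- | --- | --- | --- | --- | --- |
| Cloudflare | 1.1.1.1 | ~11–13 ms | ~7 ms | ~7 ms | ~15 ms | 99.99% |
| Google | 8.8.8.8 | ~18–22 ms | ~8.5 ms | ~7 ms | ~25 ms | 99.99% |
| Quad9 | 9.9.9.9 | ~20–25 ms | ~7 ms | ~4 ms | ~30 ms | 99.97% |
| OpenDNS | 208.67.222.222 | ~25–30 ms | ~12 ms | ~15 ms | ~35 ms | 99.95% |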

Data aggregated from DNSPerf, ThousandEyes, and independent benchmarks (2025).

Regional highlights

Europe: Quad9 excels with ~4.35 ms average (versus Google’s 7.17 ms), leveraging strong European peering relationships and data center density.

North America: All top resolvers perform within 2 ms of each other (~7–9 ms). The competition is so tight that network conditions on any given day can change the ranking.

Asia/Oceania: Cloudflare leads significantly due to broader anycast deployment in the region. Google and Quad9 have fewer points of presence in parts of Southeast Asia and Oceania.

City-level latency for Cloudflare 1.1.1.1

| City | Measured latency |
| --- | --- |
| New York | ~2 ms |
| Los Angeles | ~3 ms |
| Dallas | ~2 ms |
| London | ~1 ms |
| Amsterdam | ~2 ms |
| Frankfurt | ~4 ms |
| Paris | ~5 ms |

These numbers are remarkably close to the theoretical minimum — the speed of light through fiber over the distance between the client and the nearest Cloudflare data center.

Why Cloudflare is fastest

Cloudflare consistently ranks #1 in DNS resolver speed for structural reasons that compound:

1. Massive anycast network (330+ cities)

Cloudflare operates data centers in 330+ cities across 120+ countries. Every data center runs the 1.1.1.1 resolver via anycast, so DNS queries are automatically routed to the geographically nearest point of presence. This minimizes the network RTT to single-digit milliseconds in most populated areas.

2. The 1.1.1.1 address (APNIC partnership)

Cloudflare obtained the 1.1.1.1 IP through a research partnership with APNIC (the Asia-Pacific Internet registry). The memorability of the address drove massive adoption, which improves cache hit rates — more users means more diverse queries means warmer caches.

3. Argo Smart Routing

Rather than relying on BGP’s default routing, Cloudflare’s Argo technology measures real-time latency across its private backbone and selects the fastest path to upstream authoritative servers, reducing upstream query latency by up to 30%.

4. Co-located authoritative + resolver

Because Cloudflare also operates one of the largest authoritative DNS services, queries for Cloudflare-hosted domains are resolved within the same data center — zero network RTT between resolver and authoritative.

5. Shared cache architecture

Cloudflare’s resolver shares cache across the massive query volume it handles (1+ trillion queries/day across its platform). More users querying the same popular domains means warmer caches and faster responses.

ISP resolvers: why they are slower

ISP-provided DNS resolvers are often significantly slower than public resolvers. Public resolvers outperform ISP DNS by 300–500% in many regions according to DNSPerf testing.

| Problem | Impact |
| --- | --- |
| Underpowered hardware | Shared, older infrastructure increases server processing time |
| Few locations | Typically 1–3 resolver clusters per region — higher RTT for distant users |
| Cache fragmentation | Round-robin load balancing across machines, each with its own cache — lower hit rates |
| No anycast | Unicast addressing means fixed geographic locations |
| No smart routing | Default BGP paths to authoritative servers — suboptimal upstream latency |
| NXDOMAIN hijacking | Some ISPs intercept NXDOMAIN responses for ad revenue, adding processing latency |
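
A check for the NXDOMAIN hijacking behaviour listed in the table, added here as an example and not part of the original page: given a resolver's reply to an A query for a name known not to exist, it reports whether the resolver answered honestly or synthesized an address. The probe name, the sample replies and the function names are constructed for this example.

```python
import ipaddress
import struct

NXDOMAIN = 3  # RCODE a resolver should return for a name that does not exist


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:          # compression pointer: two bytes, ends name
            return off + 2
        if n == 0:                    # root label ends the name
            return off + 1
        off += 1 + n


def check_probe(response: bytes):
    """Classify the reply to an A query for a name known not to exist."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", response[:12])
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "honest", []
    if rcode != 0 or an == 0:
        return "inconclusive", []     # SERVFAIL, REFUSED, empty NOERROR
    off = 12
    for _ in range(qd):               # skip QNAME + QTYPE + QCLASS
        off = _skip_name(response, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(response, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record: where the client is sent
            addrs.append(str(ipaddress.IPv4Address(response[off:off + 4])))
        off += rdlen
    return "rewritten", addrs


def sample_response(rcode: int, answer_ip: str = "") -> bytes:
    """Constructed reply for the probe name below (test data, not a capture)."""
    labels = b"probe-7f3a9c.example.invalid".split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, 1 if answer_ip else 0, 0, 0)
    msg += qname + struct.pack("!HH", 1, 1)
    if answer_ip:                     # name pointer to offset 12, TTL 60
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)
        msg += ipaddress.IPv4Address(answer_ip).packed
    return msg
```

A "rewritten" verdict on a freshly generated random name means every typo and dead hostname behind that resolver resolves to the listed address instead of failing.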

For 78% of tested locations, even the overhead of encrypted DNS (DoH) to a public resolver adds only 12–42 ms median latency per lookup compared to the local ISP resolver — a small price for dramatically better tail latency and reliability.

EDNS Client Subnet: the CDN tradeoff

EDNS Client Subnet (ECS) allows a resolver to include a truncated portion of the client’s IP in queries to authoritative servers. This enables CDNs to return edge server IPs close to the user rather than close to the resolver.

The problem: Without ECS, when a user in Tokyo queries Google Public DNS (8.8.8.8), the CDN’s authoritative server sees Google’s resolver (which might be in Singapore) and returns Singapore edge server IPs. The user’s HTTP request travels farther than necessary.

With ECS: Google’s resolver includes the user’s /24 subnet. The CDN sees the user is in Tokyo and returns Tokyo edge server IPs.
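
The ECS option as it appears on the wire under RFC 7871, added here as an example and not part of the original page: it shows exactly which client bits a /24 source prefix hands to the authoritative server, and rejects an option that leaks bits past the declared prefix. The client addresses are constructed values from documentation ranges, and the function names are this example's own.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8   # EDNS Client Subnet option code (RFC 7871)
# Address family number -> (network class, full address length in bytes)
FAMILIES = {1: (ipaddress.IPv4Network, 4), 2: (ipaddress.IPv6Network, 16)}


def build_ecs_option(client_ip: str, source_prefix: int) -> bytes:
    """Encode the option a resolver attaches when forwarding this client's query."""
    # strict=False zeroes every bit past the prefix before encoding.
    net = ipaddress.ip_network(f"{client_ip}/{source_prefix}", strict=False)
    family = 1 if net.version == 4 else 2
    # Only the octets covered by the prefix go on the wire.
    addr = net.network_address.packed[: (source_prefix + 7) // 8]
    body = struct.pack("!HBB", family, source_prefix, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(option: bytes):
    """Return the client network an authoritative server learns from the option."""
    if len(option) < 8:
        raise ValueError("too short for an ECS option")
    code, length, family, source_prefix, _scope = struct.unpack("!HHHBB", option[:8])
    addr = option[8:]
    if code != ECS_OPTION_CODE or length != 4 + len(addr) or family not in FAMILIES:
        raise ValueError("not a well-formed ECS option")
    network_cls, size = FAMILIES[family]
    if source_prefix > size * 8 or len(addr) != (source_prefix + 7) // 8:
        raise ValueError("address length does not match the source prefix")
    # The default strict=True raises ValueError if bits past the prefix are set.
    return network_cls((addr.ljust(size, b"\x00"), source_prefix))


if __name__ == "__main__":
    # Constructed client addresses (documentation ranges).
    for ip, prefix in [("203.0.113.77", 24), ("2001:db8:aa:bb::1234", 56)]:
        opt = build_ecs_option(ip, prefix)
        print(f"{ip} -> {opt.hex()} -> authoritative sees {parse_ecs_option(opt)}")
```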

Provider approaches

| Resolver | ECS support | Rationale |
| --- | --- | --- |
| Google Public DNS | Yes (default on, /24 IPv4) | Performance optimization for CDN steering |
| Cloudflare 1.1.1.1 | No | Privacy-first; relies on anycast proximity |
| Quad9 | No | Privacy-focused |
| NextDNS | Configurable | User choice |

The tradeoff

A 2025 study found that providing a /24 client prefix via ECS yields HTTP latencies nearly equivalent to using the full client IP address. Only 3% of locations see degradation exceeding 50% relative to full-IP CDN steering.

But ECS comes at a privacy cost — the client’s network is visible to authoritative servers. Cloudflare argues that its 330+ city anycast network compensates: since the resolver is almost always near the user, the CDN’s authoritative server sees a nearby source IP anyway.

The choice between ECS and no-ECS is ultimately a choice between CDN performance and privacy. For most users, the difference is negligible. For users far from their resolver’s nearest point of presence, ECS provides measurably better CDN routing.

What the benchmarks do not measure

DNSPerf and similar tools measure resolver response time for cache-hit queries to popular domains. They do not capture:

  • Cold-cache resolution time — how fast the resolver fetches an answer it has never seen
  • DNSSEC validation overhead — the extra round trips for signature verification
  • Reliability under DDoS — how the resolver performs when targeted by attack traffic
  • Privacy practices — whether the resolver logs queries, sells data, or respects user preferences
  • Threat blocking — Quad9 blocks malware domains; Cloudflare and Google do not by default

Speed is one dimension. The right resolver choice depends on the full picture: speed, privacy, security, and reliability.