Web services (browsing security and parental control) are too slow

[zeus10000]

UPDATE by @ameshkov: See the implementation details: #525 (comment)

Hello,
I am running Adguard-home on RHEL7.6 on AWS with 1vCPU and 1GB ram. Although initially, the DNS was resolving quickly, after 24 hours, I started noticing some delays in resolving DNS (upstream being the default cloudflare). The VM seems to be pretty quite.

I tried the same using Ubuntu 16.04 with similar behavior.

Any suggestions?

Environment

| Version of AdGuard Home server:| - v0.92
| How did you setup DNS configuration:| - AWS t2.micro
| Operating system and version:| RHEL 7.6, Ubuntu 16.04.

[hmage]

Hi!

Can you post the configuration file? I'm interested whether you changed the ratelimit settings.

Taking a guess, I think this is because you ran out of vCPU credits (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-credits-baseline-concepts.html). Can you make sure this isn't the case?

Also try running time dig google.com @your.machine.ip.address.

[zeus10000]

I did not make any changes to the default config apart from adding additional filter lists & blocklist. Also, The CPU is pretty much staying idle

=============================
CPU Util:

=============================
cat /root/AdGuardHome/AdGuardHome.yaml
bind_host: 0.0.0.0
bind_port: 3000
auth_name: ####
auth_pass: ####
language: ""
dns:
port: 53
protection_enabled: true
filtering_enabled: true
blocked_response_ttl: 10
querylog_enabled: true
ratelimit: 20
ratelimit_whitelist: []
refuse_any: true
bootstrap_dns: 8.8.8.8:53
parental_sensitivity: 0
parental_enabled: false
safesearch_enabled: true
safebrowsing_enabled: true
upstream_dns:

• tls://1.1.1.1
• tls://1.0.0.1
  filters:
• enabled: true
  url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
  name: AdGuard Simplified Domain Names filter
  last_updated: 2019-01-04T17:10:02.343014154Z
  id: 1
• enabled: true
  url: https://adaway.org/hosts.txt
  name: AdAway
  last_updated: 2019-01-04T17:05:02.342998035Z
  id: 2
• enabled: true
  url: https://hosts-file.net/ad_servers.txt
  name: hpHosts - Ad and Tracking servers only
  last_updated: 2019-01-04T17:05:02.502039031Z
  id: 3
• enabled: true
  url: http://www.malwaredomainlist.com/hostslist/hosts.txt
  name: MalwareDomainList.com Hosts List
  last_updated: 2019-01-04T17:05:03.476695873Z
  id: 4
• enabled: true
  url: https://easylist.to/easylist/easylist.txt
  name: EasyList
  last_updated: 2019-01-04T17:05:03.590343788Z
  id: 1546390427
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/2.txt
  name: AdGuard Base filter
  last_updated: 2019-01-04T17:05:03.765327115Z
  id: 1546391142
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/3.txt
  name: AdGuard Spyware filter
  last_updated: 2019-01-04T17:05:03.996492533Z
  id: 1546391143
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/4.txt
  name: AdGuard Social Media filter
  last_updated: 2019-01-04T17:05:04.01762709Z
  id: 1546391144
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/14.txt
  name: AdGuard Annoyances filter
  last_updated: 2019-01-04T17:05:04.048278364Z
  id: 1546391145
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/1.txt
  name: AdGuard Russian filter
  last_updated: 2019-01-04T17:05:04.082829061Z
  id: 1546391146
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/6.txt
  name: AdGuard German filter
  last_updated: 2019-01-04T17:05:04.114680066Z
  id: 1546391147
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/16.txt
  name: AdGuard French filter
  last_updated: 2019-01-04T17:05:04.145451466Z
  id: 1546391148
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/7.txt
  name: AdGuard Japanese filter
  last_updated: 2019-01-04T17:05:04.175168718Z
  id: 1546391149
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/8.txt
  name: AdGuard Dutch filter
  last_updated: 2019-01-04T17:05:04.196042982Z
  id: 1546391150
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/9.txt
  name: AdGuard Spanish/Portuguese filter
  last_updated: 2019-01-04T17:05:04.228637536Z
  id: 1546391151
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/13.txt
  name: AdGuard Turkish filter
  last_updated: 2019-01-04T17:05:04.251836078Z
  id: 1546391152
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/238.txt
  name: Polish Anti Adblock Filters
  last_updated: 2019-01-04T17:05:04.27531768Z
  id: 1546391153
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/11.txt
  name: AdGuard Mobile Ads filter
  last_updated: 2019-01-04T17:05:04.298238361Z
  id: 1546391154
• enabled: true
  url: https://filters.adtidy.org/extension/chromium/filters/12.txt
  name: AdGuard Safari filter
  last_updated: 2019-01-04T17:05:04.317671846Z
  id: 1546391155
  user_rules:
• '||www.googleadservices.com^$important'
• '||pagead.l.doubleclick.net^$important'
• '||googleadapis.l.google.com^$important'
• '||suggestqueries.google.com^$important'
• '||app-measurement.com^$important'
• '||t.appsflyer.com^$important'
• '||reports.crashlytics.com^$important'
• '||decide.mixpanel.com^$important'
• '||api.mixpanel.com^$important'
• '||smetrics.discover.com^$important'
• '||api.wirelessdeveloper.com^$important'
• '||smetrics.discover.com^$important'
• '||sdk8.ibm.xtify.com^$important'
• '||cdn.optimizely.com^$important'
• '||graph.accountkit.com^$important'
• '||jsso.indiatimes.com^$important'
• '||graph.accountkit.com^$important'
• '||gaana.helpshift.com^$important'
• '||apiv3.moengage.com^$important'
• '||gaana.helpshift.com^$important'
• '||logs.gaana.com^$important'
• '||b.scorecardresearch.com^$important'
• '||pay.gaana.com^$important'
• '||udm.scorecardresearch.com^$important'
• '||api.moengage.com^$important'
• '||udm.scorecardresearch.com^$important'
• '||www.googleadservices.com^$important'
• '||ethn.io^$important'
• '||app.adjust.com^$important'
• '||robinhood.helpshift.com^$important'
• '||crumbs.robinhood.com^$important'
• '||advil.waze.com^$important'
• '||inbox-na.waze.com^$important'
• '||social-na.waze.com^$important'
• '||ads-resources-legacy.waze.com^$important'
• '||cresg.waze.com^$important'
• '||ads-resources.waze.com^$important'
• '||cres.waze.com^$important'
• '||wazespeechactiviation-pa.googleapis.com^$important'
• '||tts.waze.com^$important'
• '||static.adweek.com^$important'
• '#||mobilenetworkscoring-pa.googleapis.com'
• '||connect.facebook.net'
• '||i1.wp.com^$important'
• '||realtime.services.disqus.com^$important'
• '||s.youtube.com^$important'
• '||static.doubleclick.net^$important'
• '||googleads.g.doubleclick.net^$important'
• '||pubads.g.doubleclick.net^$important'
• '||^doubleclick.net^important'
• '||^googleadservices.com^important'
• '||api.flickr.com^$important'
• '||presentationtracking.netflix.com^$important'
• '||pancake.apple.com^$important'
• '||apis.google.com^$important'
• '# ||facebook.com^$important'
• '||facebook.net^$important'
• '||syndication.twitter.com^$important'
• '||23-courier.push.apple.com^$important'
• '||init-p01st.push.apple.com^$important'
• '||xp.apple.com^$important'
• '||init.itunes.apple.com^$important'
• '||play.itunes.apple.com^$important'
• '||su.itunes.apple.com^$important'
• '||se-edge.itunes.apple.com^$important'
• '||api.apps.apple.com^$important'
• '||api-edge.apps.apple.com^$important'
• '||gspe1-ssl.ls.apple.com^$important'
• '||ytimg-edge-static.l.google.com^$important'
• '#||clients3.google.com^$important'
• '||direct.shodan.io^$important'
• '||dns.google.com^$important'
• '#Samsung TV'
• '||log-ingestion.samsungacr.com^$important'
• '||premium-videos.telly.com^$important'
• '||feed.telly.com^$important'
• '||cds.g9c9c3d5.hwcdn.net^$important'
• ""
  dhcp:
  enabled: false
  interface_name: ""
  gateway_ip: ""
  subnet_mask: ""
  range_start: ""
  range_end: ""
  lease_duration: 0
  schema_version: 2

=============================
time dig google.com @x.x.x.x

; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> google.com @x.x.x.x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22291
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; Query time: 321 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Fri Jan 04 17:18:04 EST 2019
;; MSG SIZE rcvd: 28

real 0m0.336s
user 0m0.008s
sys 0m0.004s

[AnthonyBe]

I've seen the same thing in AGH since the first 0.9 release and am wondering whether it is a scalability issue.

I've run AGH on 2 environments with same results:

1. Linux AMD64 image (v0.9->v0.92) under Ubuntu 16.04.1 WSL on Windows 10 on a Core i7 CPU, 16GB RAM PC.
2. Windows image (v0.92->v0.92 hotfix 1) under Windows Server 2012 R2 on HP Proliant MicroServer gen8 (Pentium G2020T CPU, 16GB RAM).

Massive amounts of headroom in both CPU and RAM on both devices.
I have about 50 devices on my home network.

In general operation, I've never seen the General Processing time get under 100ms, and it is usually around 130ms.

The ONLY time I saw it lower was when I was migrating from environment 1 (Linux image on Win10) to environment 2 (Windows image on Win Server 2012) and had both of them running concurrently and let devices migrate to the new one as they renewed the DHCP IP info to pick up the new DNS server.

In the first 24 horus where the new environment only had a handful of devices using it, the general processing time was in the 20-40ms range. Within a couple of days when all of my devices had migrated over, it was back up to the 100+ms average.

I've just upgraded from v0.92 to v0.92-hotfix1 in the last hour so I'll give that 24 hours to get current stats given v0.92 had a couple of DNS bugs that might cause bad results.

My config, for reference:

bind_host: 0.0.0.0
bind_port: 3000
auth_name: ####
auth_pass: ####
language: ""
dns:
port: 53
protection_enabled: true
filtering_enabled: true
blocked_response_ttl: 10
querylog_enabled: true
ratelimit: 20
ratelimit_whitelist: []
refuse_any: true
bootstrap_dns: 8.8.8.8:53
parental_sensitivity: 0
parental_enabled: false
safesearch_enabled: false
safebrowsing_enabled: true
upstream_dns:

• tls://1dot1dot1dot1.cloudflare-dns.com
• tls://one.one.one.one
• tls://dns.adguard.com
  filters:
• enabled: true
  url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
  name: AdGuard Simplified Domain Names filter
  last_updated: 2019-01-05T13:11:55.9815204+11:00
  id: 1
• enabled: false
  url: https://adaway.org/hosts.txt
  name: AdAway
  id: 2
• enabled: true
  url: https://hosts-file.net/ad_servers.txt
  name: hpHosts - Ad and Tracking servers only
  last_updated: 2019-01-05T13:11:56.2391441+11:00
  id: 3
• enabled: true
  url: http://www.malwaredomainlist.com/hostslist/hosts.txt
  name: MalwareDomainList.com Hosts List
  last_updated: 2019-01-05T13:11:58.7861454+11:00
  id: 4
  user_rules:
• ""
  dhcp:
  enabled: false
  interface_name: ""
  gateway_ip: ""
  subnet_mask: ""
  range_start: ""
  range_end: ""
  lease_duration: 0
  schema_version: 2

[ameshkov]

When a DOT upstream is under load, it operates on open connections so things go fast.
When night comes and there is no more activity, every new DNS request requires establishing a new TLS connection, it has to go through TLS handshake every time, and this slows things down considerably.

Just in case, try using a plain DNS upstream instead, do you see any difference?

[zeus10000]

I upgraded to v0.92-hotfix1 and for last 10 hours, the response time as reported on web gui went up to 70ms. I changed the upstream to use UDP instead of TLS, restarted the ADH service. After few hours, the DIG response time is now 263 ms vs the 321ms on using tls.

; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> google.com @xxxx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7194
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 145 IN A 172.217.7.174

;; Query time: 263 msec
;; SERVER: XXXX#53(XXXX)
;; WHEN: Sat Jan 05 13:20:52 EST 2019
;; MSG SIZE rcvd: 65

real 0m0.279s
user 0m0.016s
sys 0m0.000s

[ameshkov]

@jimitsalvi it'd help if AGH was running with -v argument so that we could see what takes so long in the stdout.

[ameshkov]

Hm, on the other hand, we'd better extend the verbose logging before proceeding. In the current implementation, we won't see how much time does every operation take.

We should get back to this issue once #531 is done.

[zeus10000]

just for the reference -- Not sure, how many logs you wanted but here is a few. Looks like the upstream DNS resolver takes no more than 14 ms. Is there some implementation where we could see the RTT downstream from the ADG to clients?

2019/01/05 18:52:12 AdGuard Home web interface backend, version v0.92-hotfix1
2019/01/05 18:52:12 Current working directory is /root/AdGuardHome
2019/01/05 18:52:12 main.upgradeConfig(): got schema version 2
2019/01/05 18:52:12 Reading YAML file: /root/AdGuardHome/AdGuardHome.yaml
2019/01/05 18:52:12 Loading filter 1 contents to: /root/AdGuardHome/data/filters/1.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1.txt, id 1, length 502656
2019/01/05 18:52:12 Loading filter 2 contents to: /root/AdGuardHome/data/filters/2.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/2.txt, id 2, length 13722
2019/01/05 18:52:12 Loading filter 3 contents to: /root/AdGuardHome/data/filters/3.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/3.txt, id 3, length 1772576
2019/01/05 18:52:12 Loading filter 4 contents to: /root/AdGuardHome/data/filters/4.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/4.txt, id 4, length 35737
2019/01/05 18:52:12 Loading filter 1546390427 contents to: /root/AdGuardHome/data/filters/1546390427.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546390427.txt, id 1546390427, length 2793130
2019/01/05 18:52:12 Loading filter 1546391142 contents to: /root/AdGuardHome/data/filters/1546391142.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391142.txt, id 1546391142, length 4270317
2019/01/05 18:52:12 Loading filter 1546391143 contents to: /root/AdGuardHome/data/filters/1546391143.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391143.txt, id 1546391143, length 315593
2019/01/05 18:52:12 Loading filter 1546391144 contents to: /root/AdGuardHome/data/filters/1546391144.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391144.txt, id 1546391144, length 265463
2019/01/05 18:52:12 Loading filter 1546391145 contents to: /root/AdGuardHome/data/filters/1546391145.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391145.txt, id 1546391145, length 607189
2019/01/05 18:52:12 Loading filter 1546391146 contents to: /root/AdGuardHome/data/filters/1546391146.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391146.txt, id 1546391146, length 819775
2019/01/05 18:52:12 Loading filter 1546391147 contents to: /root/AdGuardHome/data/filters/1546391147.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391147.txt, id 1546391147, length 660066
2019/01/05 18:52:12 Loading filter 1546391148 contents to: /root/AdGuardHome/data/filters/1546391148.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391148.txt, id 1546391148, length 706906
2019/01/05 18:52:12 Loading filter 1546391149 contents to: /root/AdGuardHome/data/filters/1546391149.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391149.txt, id 1546391149, length 47359
2019/01/05 18:52:12 Loading filter 1546391150 contents to: /root/AdGuardHome/data/filters/1546391150.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391150.txt, id 1546391150, length 69002
2019/01/05 18:52:12 Loading filter 1546391151 contents to: /root/AdGuardHome/data/filters/1546391151.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391151.txt, id 1546391151, length 133826
2019/01/05 18:52:12 Loading filter 1546391152 contents to: /root/AdGuardHome/data/filters/1546391152.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391152.txt, id 1546391152, length 270867
2019/01/05 18:52:12 Loading filter 1546391153 contents to: /root/AdGuardHome/data/filters/1546391153.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391153.txt, id 1546391153, length 21736
2019/01/05 18:52:12 Loading filter 1546391154 contents to: /root/AdGuardHome/data/filters/1546391154.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391154.txt, id 1546391154, length 140598
2019/01/05 18:52:12 Loading filter 1546391155 contents to: /root/AdGuardHome/data/filters/1546391155.txt
2019/01/05 18:52:12 File /root/AdGuardHome/data/filters/1546391155.txt, id 1546391155, length 101313
2019/01/05 18:52:12 Writing YAML file: /root/AdGuardHome/AdGuardHome.yaml
2019/01/05 18:52:12 Creating dnsfilter
2019/01/05 18:52:12 Downloading update for filter 1 from https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
2019/01/05 18:52:12 Filter #1 at URL https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt hasn't changed, not updating it
2019/01/05 18:52:12 Downloading update for filter 2 from https://adaway.org/hosts.txt
2019/01/05 18:52:12 Loading stats from querylog
2019/01/05 18:52:12 Filter #2 at URL https://adaway.org/hosts.txt hasn't changed, not updating it
2019/01/05 18:52:12 Downloading update for filter 3 from https://hosts-file.net/ad_servers.txt
2019/01/05 18:52:13 file "querylog.json": read 3176 entries in 83.560685ms, 26.31µs/entry, 0 over 2h46m40s, 95.804795ms avg
2019/01/05 18:52:13 Starting the DNS proxy server
2019/01/05 18:52:13 Ratelimit is enabled and set to 20 rps
2019/01/05 18:52:13 The server is configured to refuse ANY requests
2019/01/05 18:52:13 DNS cache is enabled
2019/01/05 18:52:13 Creating the UDP server socket
2019/01/05 18:52:13 Listening to udp://[::]:53
2019/01/05 18:52:13 Go to http://0.0.0.0:3000
2019/01/05 18:52:13 Entering the UDP listener loop on [::]:53
2019/01/05 18:52:13 Filter #3 at URL https://hosts-file.net/ad_servers.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 4 from http://www.malwaredomainlist.com/hostslist/hosts.txt
2019/01/05 18:52:13 Filter #4 at URL http://www.malwaredomainlist.com/hostslist/hosts.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546390427 from https://easylist.to/easylist/easylist.txt
2019/01/05 18:52:13 Filter 1546390427 has been updated: 2793130 bytes, 73671 rules
2019/01/05 18:52:13 Saving filter 1546390427 contents to: /root/AdGuardHome/data/filters/1546390427.txt
2019/01/05 18:52:13 Downloading update for filter 1546391142 from https://filters.adtidy.org/extension/chromium/filters/2.txt
2019/01/05 18:52:13 Filter #1546391142 at URL https://filters.adtidy.org/extension/chromium/filters/2.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546391143 from https://filters.adtidy.org/extension/chromium/filters/3.txt
2019/01/05 18:52:13 Filter #1546391143 at URL https://filters.adtidy.org/extension/chromium/filters/3.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546391144 from https://filters.adtidy.org/extension/chromium/filters/4.txt
2019/01/05 18:52:13 Filter #1546391144 at URL https://filters.adtidy.org/extension/chromium/filters/4.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546391145 from https://filters.adtidy.org/extension/chromium/filters/14.txt
2019/01/05 18:52:13 Filter #1546391145 at URL https://filters.adtidy.org/extension/chromium/filters/14.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546391146 from https://filters.adtidy.org/extension/chromium/filters/1.txt
2019/01/05 18:52:13 Filter #1546391146 at URL https://filters.adtidy.org/extension/chromium/filters/1.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546391147 from https://filters.adtidy.org/extension/chromium/filters/6.txt
2019/01/05 18:52:13 Filter #1546391147 at URL https://filters.adtidy.org/extension/chromium/filters/6.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546391148 from https://filters.adtidy.org/extension/chromium/filters/16.txt
2019/01/05 18:52:13 Filter #1546391148 at URL https://filters.adtidy.org/extension/chromium/filters/16.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546391149 from https://filters.adtidy.org/extension/chromium/filters/7.txt
2019/01/05 18:52:13 Filter #1546391149 at URL https://filters.adtidy.org/extension/chromium/filters/7.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546391150 from https://filters.adtidy.org/extension/chromium/filters/8.txt
2019/01/05 18:52:13 Filter #1546391150 at URL https://filters.adtidy.org/extension/chromium/filters/8.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546391151 from https://filters.adtidy.org/extension/chromium/filters/9.txt
2019/01/05 18:52:13 Filter #1546391151 at URL https://filters.adtidy.org/extension/chromium/filters/9.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546391152 from https://filters.adtidy.org/extension/chromium/filters/13.txt
2019/01/05 18:52:13 Filter #1546391152 at URL https://filters.adtidy.org/extension/chromium/filters/13.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546391153 from https://filters.adtidy.org/extension/chromium/filters/238.txt
2019/01/05 18:52:13 Filter #1546391153 at URL https://filters.adtidy.org/extension/chromium/filters/238.txt hasn't changed, not updating it
2019/01/05 18:52:13 Downloading update for filter 1546391154 from https://filters.adtidy.org/extension/chromium/filters/11.txt
2019/01/05 18:52:14 Filter #1546391154 at URL https://filters.adtidy.org/extension/chromium/filters/11.txt hasn't changed, not updating it
2019/01/05 18:52:14 Downloading update for filter 1546391155 from https://filters.adtidy.org/extension/chromium/filters/12.txt
2019/01/05 18:52:14 Filter #1546391155 at URL https://filters.adtidy.org/extension/chromium/filters/12.txt hasn't changed, not updating it
2019/01/05 18:52:14 Start reconfiguring the server
2019/01/05 18:52:14 Stopping the DNS proxy server
2019/01/05 18:52:14 udpListen.ReadFrom() returned because we're reading from a closed connection, exiting loop
2019/01/05 18:52:14 Stopped the DNS proxy server
2019/01/05 18:52:14 Creating dnsfilter
2019/01/05 18:52:14 Loading stats from querylog
2019/01/05 18:52:14 Starting the DNS proxy server
2019/01/05 18:52:14 Ratelimit is enabled and set to 20 rps
2019/01/05 18:52:14 The server is configured to refuse ANY requests
2019/01/05 18:52:14 DNS cache is enabled
2019/01/05 18:52:14 Creating the UDP server socket
2019/01/05 18:52:14 Listening to udp://[::]:53
2019/01/05 18:52:14 Writing YAML file: /root/AdGuardHome/AdGuardHome.yaml
2019/01/05 18:52:14 Entering the UDP listener loop on [::]:53
proxy.(*Proxy).handleUDPPacket(): Start handling new UDP packet from xx.xx.xx.xx:33795
proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 47187
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.google.com. IN A

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 876
proxy.(*Proxy).handleDNSRequest(): Upstream is 1.0.0.1:53 (1)
proxy.(*Proxy).handleUDPPacket(): Start handling new UDP packet from xx.xx.xx.xx:33795
proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 47187
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.google.com. IN A

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 876
proxy.(*Proxy).handleDNSRequest(): Upstream is 1.0.0.1:53 (1)
proxy.(*Proxy).handleUDPPacket(): Start handling new UDP packet from xx.xx.xx.xx:47030
proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 31493
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.google.com. IN AAAA

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 876
proxy.(*Proxy).handleDNSRequest(): Upstream is 1.1.1.1:53 (0)
proxy.(*Proxy).Resolve(): RTT: 11 ms
proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 31493
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.google.com. IN AAAA

;; ANSWER SECTION:
www.google.com. 228 IN AAAA 2607:f8b0:4004:804::2004

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1452
proxy.(*Proxy).Resolve(): RTT: 11 ms
proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 47187
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 199 IN A 172.217.8.4

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1452
proxy.(*Proxy).Resolve(): RTT: 11 ms
proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 47187
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 199 IN A 172.217.8.4

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1452
proxy.(*Proxy).handleUDPPacket(): Start handling new UDP packet from xx.xx.xx.xx:14811
proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 1445
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;google.com. IN A

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 876
proxy.(*Proxy).handleDNSRequest(): Upstream is 1.1.1.1:53 (0)
proxy.(*Proxy).handleUDPPacket(): Start handling new UDP packet from xx.xx.xx.xx:20136
proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 48101
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;google.com. IN AAAA

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 876
proxy.(*Proxy).handleDNSRequest(): Upstream is 1.1.1.1:53 (0)
proxy.(*Proxy).Resolve(): RTT: 11 ms
proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 48101
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;google.com. IN AAAA

;; ANSWER SECTION:
google.com. 106 IN AAAA 2607:f8b0:4004:800::200e

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1452
proxy.(*Proxy).Resolve(): RTT: 14 ms
proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 1445
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 51 IN A 172.217.7.238

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1452
proxy.(*Proxy).handleUDPPacket(): Start handling new UDP packet from xx.xx.xx.xx:38722
proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 17146
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;ssl.gstatic.com. IN A

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 876
proxy.(*Proxy).handleDNSRequest(): Upstream is 1.1.1.1:53 (0)
proxy.(*Proxy).handleUDPPacket(): Start handling new UDP packet from xx.xx.xx.xx:61425
proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 26755
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;ssl.gstatic.com. IN AAAA

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 876
proxy.(*Proxy).handleDNSRequest(): Upstream is 1.1.1.1:53 (0)
proxy.(*Proxy).Resolve(): RTT: 11 ms
proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 17146
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;ssl.gstatic.com. IN A

;; ANSWER SECTION:
ssl.gstatic.com. 143 IN A 172.217.15.99

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1452
proxy.(*Proxy).Resolve(): RTT: 12 ms
proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 26755
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;ssl.gstatic.com. IN AAAA

;; ANSWER SECTION:
ssl.gstatic.com. 142 IN AAAA 2607:f8b0:4004:801::2003

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1452
proxy.(*Proxy).handleUDPPacket(): Start handling new UDP packet from xx.xx.xx.xx:23616
proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 8786
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.gstatic.com. IN A

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 876
proxy.(*Proxy).handleDNSRequest(): Upstream is 1.0.0.1:53 (1)
proxy.(*Proxy).Resolve(): RTT: 11 ms
proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 8786
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.gstatic.com. IN A

;; ANSWER SECTION:
www.gstatic.com. 200 IN A 172.217.197.94

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1452
proxy.(*Proxy).handleUDPPacket(): Start handling new UDP packet from xx.xx.xx.xx:11646
proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 50361
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;apis.google.com. IN A

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 876
proxy.(*Proxy).handleDNSRequest(): Upstream is 1.1.1.1:53 (0)
proxy.(*Proxy).handleUDPPacket(): Start handling new UDP packet from xx.xx.xx.xx:18577
proxy.(*Proxy).logDNSMessage(): IN: ;; opcode: QUERY, status: NOERROR, id: 48737
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;apis.google.com. IN AAAA

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 876
proxy.(*Proxy).handleDNSRequest(): Upstream is 1.0.0.1:53 (1)
proxy.(*Proxy).Resolve(): RTT: 12 ms
proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 50361
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;apis.google.com. IN A

;; ANSWER SECTION:
apis.google.com. 9281 IN CNAME plus.l.google.com.
plus.l.google.com. 38 IN A 172.217.7.174

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1452
proxy.(*Proxy).Resolve(): RTT: 12 ms
proxy.(*Proxy).logDNSMessage(): OUT: ;; opcode: QUERY, status: NOERROR, id: 48737
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;apis.google.com. IN AAAA

;; ANSWER SECTION:
apis.google.com. 9281 IN CNAME plus.l.google.com.
plus.l.google.com. 46 IN AAAA 2607:f8b0:4004:802::200e

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1452

[ameshkov]

Is there some implementation where we could see the RTT downstream from the ADG to clients?

It's unclear how much we spend inside dnsfilter (we need #531 for that)
Also, you can check ping values to your server to see what's the network's overhead.

[zeus10000]

Sure, will wait for that feature. Ping & traceroute values to the server come to somewhere around 30~34 secs.

64 bytes from xx.xx.xx.xx: icmp_seq=1 ttl=42 time=32.9 ms
64 bytes from xx.xx.xx.xx: icmp_seq=2 ttl=42 time=30.9 ms
64 bytes from xx.xx.xx.xx: icmp_seq=3 ttl=42 time=28.2 ms
64 bytes from xx.xx.xx.xx: icmp_seq=4 ttl=42 time=30.1 ms
64 bytes from xx.xx.xx.xx: icmp_seq=5 ttl=42 time=29.5 ms
64 bytes from xx.xx.xx.xx: icmp_seq=6 ttl=42 time=28.8 ms
64 bytes from xx.xx.xx.xx: icmp_seq=7 ttl=42 time=30.9 ms
64 bytes from xx.xx.xx.xx: icmp_seq=8 ttl=42 time=27.7 ms
^C
--- xx.xx.xx.xx ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7009ms
rtt min/avg/max/mdev = 27.754/29.927/32.918/1.579 ms

28: ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com 33.675ms reached

[AnthonyBe]

I tried adding a TCP upstream DNS (tcp://1.1.1.1) to see if it would improve performance but if anything I've seen average processing times start exceeding 200ms (prev ~130ms).

Also, for comparison, GRC.com DNS Benchmark results below. Cached results are obviously going to be in AGH's favour, but for uncached and dom.com results, AGH is 4-5 times slower.

Final benchmark results, sorted by nameserver performance:
 (average cached name retrieval speed, fastest to slowest)

  192.168.  0.140 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  + Cached Name   | 0.000 | 0.000 | 0.000 | 0.000 | 100.0 |
  + Uncached Name | 0.355 | 0.596 | 0.890 | 0.160 | 100.0 |
  + DotCom Lookup | 0.498 | 0.616 | 0.931 | 0.139 |  97.9 |
  ---<-------->---+-------+-------+-------+-------+-------+
                Local Network Nameserver **(this is AGH)**

    1.  0.  0.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.016 | 0.019 | 0.058 | 0.008 | 100.0 |
  - Uncached Name | 0.017 | 0.123 | 0.345 | 0.099 | 100.0 |
  - DotCom Lookup | 0.160 | 0.178 | 0.226 | 0.016 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                     one.one.one.one
          CLOUDFLARENET - Cloudflare, Inc., US


  129.250. 35.250 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.015 | 0.019 | 0.051 | 0.007 |  97.9 |
  - Uncached Name | 0.016 | 0.142 | 0.276 | 0.083 | 100.0 |
  - DotCom Lookup | 0.176 | 0.228 | 0.307 | 0.029 |  97.9 |
  ---<-------->---+-------+-------+-------+-------+-------+
                    x.ns.gin.ntt.net
              YALE-AS - Yale University, US


    1.  1.  1.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  + Cached Name   | 0.015 | 0.019 | 0.039 | 0.005 |  95.7 |
  + Uncached Name | 0.016 | 0.150 | 0.424 | 0.114 |  97.7 |
  + DotCom Lookup | 0.161 | 0.173 | 0.202 | 0.008 |  97.7 |
  ---<-------->---+-------+-------+-------+-------+-------+
                     one.one.one.one
          CLOUDFLARENET - Cloudflare, Inc., US


  198.153.192.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.016 | 0.020 | 0.050 | 0.007 |  98.0 |
  - Uncached Name | 0.017 | 0.146 | 0.312 | 0.089 |  98.0 |
  - DotCom Lookup | 0.177 | 0.183 | 0.210 | 0.007 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
          ··· no official Internet DNS name ···
              ULTRADNS - NeuStar, Inc., US


    9.  9.  9.  9 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.015 | 0.020 | 0.050 | 0.009 |  97.9 |
  - Uncached Name | 0.017 | 0.147 | 0.536 | 0.116 | 100.0 |
  - DotCom Lookup | 0.016 | 0.023 | 0.054 | 0.008 |  95.7 |
  ---<-------->---+-------+-------+-------+-------+-------+
                      dns.quad9.net
                 QUAD9-AS-1 - Quad9, US


    8.  8.  8.  8 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  + Cached Name   | 0.016 | 0.020 | 0.064 | 0.009 |  97.8 |
  + Uncached Name | 0.160 | 0.221 | 0.430 | 0.074 | 100.0 |
  + DotCom Lookup | 0.171 | 0.211 | 0.421 | 0.058 |  97.8 |
  ---<-------->---+-------+-------+-------+-------+-------+
             google-public-dns-a.google.com
                 GOOGLE - Google LLC, US

[rashidjehangir]

Hi Guys. All too technical for me ;( - however, after lettingAdGuard run for a few days my Average Processing Time is at 400! It starts out at 3 and keeps rising.

[dany20mh]

I would say benchmark can be misleading too, because you run that benchmark on some specific domain for short period.
But your AdGaurd Home is running for 24 hours and that's the time you can see there.

I would say it should be an option in the Query to see what is the query that is taking long time to run and provide the result in the query log, so we can see what's running slowly.

[hmage]

@dany20mh we already have that info in querylog -- click 'download log' in querylog page and then use json parser to show only long queries

[dany20mh]

@hmage but we don't have that in the query log view (in dashboard) and that's what I meant.

[ameshkov]

Sorry for the huge delay, guys.

We've just pushed the new release with extended logging which should be enough to figure if there's any issue: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.93

Also, it uses a newer version of dnsproxy under the hood that might also help.

[AnthonyBe]

I've been running v0.93 for about 12 hours now and my average processing time is 403.11ms
17,658 DNS Queries
1,277 blocked.

I'll turn on verbose logging to capture some data.

[ameshkov]

Interesting, and in my case avg time dropped to about 15ms.

[AnthonyBe]

About 24 hours on and average processing time is 414.92ms
31,208 DNS Queries
2,424 blocked (7.77%)

Ran verbose logging for about 45 mins. Zipped log attached

AGH - Copy.zip

[ameshkov]

You know, the log seems more or less okay.

There are 765 requests in the log, the avg processing time of them is 110ms.
There were five slow requests (2159ms, 3221ms, 7408ms, 11093ms, 16272ms), if you don't count them, the avg time would be around 57ms.

One thing that I forgot to ask -- do you have "malware protection" or "parental control" services enabled. They both use a remote web service, and might slow things down.

[AnthonyBe]

I do have "Use AdGuard browsing security web service" enabled
I do not have "Use AdGuard parental control web service" enabled

I had wondered if maybe a couple of really slow queries were skewing the average processing time. When I first started v0.93 for the first hour the average processing time was around 50ms. It just seems that in that sustained 24 hour period there are enough slow responses to really skew the averages.

If I check my AGH now, the average processing time is 278.74ms
28,447 DNS queries
2,210 blocked by filters (7.77%)

[ameshkov]

I do have "Use AdGuard browsing security web service" enabled

Uh, we should add it's timing to the log as well, I don't know why we ignored it:(

@admitrevskiy could you please extend logging of the dnsFilter module?

[ameshkov]

Yeah, so the initial lookup is so slow that even with the cache, it hurts the average time.

So our options are:

1. Make it faster, deploy more servers, etc. Problem: this is expensive.
2. Start using AG DNS to do these checks (AG DNS is deployed all over the world so it will be much faster). Problem: instead of using the nice privacy-oriented algorithm based on hashes prefixes, we'll need to query the domain name.

Tbh, I like the second option more.

[admitrevskiy]

I'm guessing then that entries that show 0ms are cached responses?

Yes, you're right. For example for hub2.corp.adobe.com

2019/03/23 14:20:54 4032#40 [debug] github.com/AdguardTeam/AdGuardHome/dnsfilter.(*Dnsfilter).checkSafeBrowsing(): SafeBrowsing HTTP lookup for hub2.corp.adobe.com; Elapsed time: 331ms

The next time you were looking for this host the following log message appeared:

2019/03/23 14:21:02 4032#85 [debug] github.com/AdguardTeam/AdGuardHome/dnsfilter.(*Dnsfilter).lookupCommon(): hub2.corp.adobe.com: found in the lookup cache
2019/03/23 14:21:02 4032#85 [debug] github.com/AdguardTeam/AdGuardHome/dnsfilter.(*Dnsfilter).checkSafeBrowsing(): SafeBrowsing HTTP lookup for hub2.corp.adobe.com; Elapsed time: 0ms

[ameshkov]

Reassigned to v0.96, the task is too complicated:
#525 (comment)

Priority is set to medium because both of these options are disabled by default.

[AnthonyBe]

So I turned off 'browsing security' yesterday and now my Average Processing time is 47ms

That is a pretty significant impact!

[ameshkov]

Here's what we are going to do:

1. Replace web services (safebrowsing and parental control) with AdGuard DNS (so that we could benefit from the AdGuard DNS Anycast).
2. Use a special DNS-based protocol for safebrowsing and parental control lookups: send a special TXT DNS requests with the domain hash prefix. TXT records in the response will contain full hashes so that the client could match the full domain hash.