Windows DNS Performance Testing

DNS issues don’t always show up as clear outages. Often they show up as annoying browser behaviour like “random delays on first page load”, “sometimes it works, sometimes it spins”, long sign-in times for SaaS apps or just weird behavior that disappears when someone retries.

My preferred approach: a simple GUI sanity check

Yes, we can do Resolve-DnsName, packet captures, ETW traces, and deep dives. But when the question is “Are my local DNS servers performing like they should?”, I like a quick, visual baseline first.

That’s why I use GRC DNS Benchmark: a small tool that benchmarks your configured DNS servers and compares them with other resolvers in terms of performance and reliability.

Download (official page): https://www.grc.com/dns/benchmark.htm

What you’re actually testing

When you benchmark DNS, you’re not just testing “the DNS server”.

You’re testing the chain:

  1. Client behavior (client cache, search suffixes, retry logic)
  2. Your local DNS server (cache hit rate, recursion load, CPU/memory, timeouts)
  3. Forwarders / upstream resolvers
  4. Network path (VPN, proxy, packet loss, asymmetric routing, firewall inspection)

So don’t run one test once and declare victory. Run it where and when it matters.

How I run the test (practical workflow)

Create a drawing of your DNS connectivity

Have you ever really confirmed how your DNS chain is configured? I always start by drawing the DNS connectivity from my test client through the device. Here is my chain.

DNS Design

I am very happy with my initial review as I found the workflow to be as expected. My client talks to my two local DNS servers (currently running PiHole). The local DNS servers communicate with my local Unbound DNS as the first option and the external DNS4EU servers as a backup.

Pick the right test machine for Windows DNS Performance Testing

Use a client that represents your users:

  • same site / VLAN
  • no weird VPN split-tunnel situation (unless that’s the scenario you’re troubleshooting)
  • no local “DNS hacks” (hardcoded DNS servers, custom adapters, etc.)

Run GRC DNS Benchmark for Windows DNS Performance Testing

The tool typically detects the DNS servers your system is currently configured to use, then benchmarks them against a list of known public resolvers. Here is my initial result.

GRC Benchmark Test

Add your relevant resolvers

Make sure you include:

  • your local DNS servers (DCs or dedicated resolvers). In my scenario these are 192.168.0.1 (my local Unifi UDM Pro SE), my two local DNS servers with malware and ad blocking abilities (192.168.0.212, 192.168.0.250) and my local Unbound Docker container (192.168.0.211).
  • any forwarders you rely on (DNS4EU – 86.54.11.1 & 86.54.11.201)
  • one or two “known public” resolvers for comparison (as reference, not as the goal)

Execute the benchmark

Run the test and focus on two outcomes:

  • Latency (fast answers)
  • Reliability (no timeouts / failures)

Reliability matters more than shaving 5ms off a lookup. A “fast” resolver that times out under load is worse than a slightly slower one that is consistent.

Checking the Results for Windows DNS Performance

Cached vs uncached

If your local DNS is doing its job (and users repeatedly hit the same SaaS domains), cached lookups should be fast and stable. DNS caching is a core part of how DNS is supposed to work. To compare the different results, just check and uncheck the box “Show uncached”.

DNSBench Cached Uncached
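A scripted cross-check of the two outcomes above (latency and reliability), split into first and repeat lookups per resolver. This is an added example, not part of the original post and not how GRC DNS Benchmark works internally; the resolver IPs are the ones listed in this article, while the domain list, `$WarmRuns` and the function name `Measure-DnsQuery` are assumptions.

```powershell
# Added example: first-lookup vs. repeat-lookup latency and failure rate per resolver.
# Resolver IPs are the ones named in this article; the domain list is a constructed sample.
$Resolvers = '192.168.0.1','192.168.0.212','192.168.0.250','192.168.0.211','86.54.11.1','86.54.11.201'
$Domains   = 'example.com','example.net','example.org'   # replace with names your users actually hit
$WarmRuns  = 5                                            # repeat lookups per name (assumption)

function Measure-DnsQuery {
    param([string]$Name, [string]$Server)
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        # -Server sends the query to that resolver; -DnsOnly skips LLMNR/NetBIOS;
        # -NoHostsFile keeps a local hosts entry from answering instead of DNS.
        Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -NoHostsFile -ErrorAction Stop | Out-Null
        $ok = $true
    } catch {
        $ok = $false   # timeout, server failure, unreachable resolver, ...
    }
    $sw.Stop()
    [pscustomobject]@{ Ok = $ok; Ms = $sw.Elapsed.TotalMilliseconds }
}

$results = foreach ($server in $Resolvers) {
    $first = @(); $repeat = @(); $failed = 0; $total = 0
    foreach ($name in $Domains) {
        for ($i = 0; $i -le $WarmRuns; $i++) {
            $r = Measure-DnsQuery -Name $name -Server $server
            $total++
            if (-not $r.Ok) { $failed++; continue }
            # Run 0 is only "uncached" if the resolver has not seen the name recently.
            if ($i -eq 0) { $first += $r.Ms } else { $repeat += $r.Ms }
        }
    }
    [pscustomobject]@{
        Server      = $server
        FirstAvgMs  = if ($first.Count)  { [math]::Round(($first  | Measure-Object -Average).Average, 1) } else { $null }
        RepeatAvgMs = if ($repeat.Count) { [math]::Round(($repeat | Measure-Object -Average).Average, 1) } else { $null }
        RepeatMaxMs = if ($repeat.Count) { [math]::Round(($repeat | Measure-Object -Maximum).Maximum, 1) } else { $null }
        Failed      = $failed
        FailPct     = [math]::Round(100 * $failed / $total, 1)
    }
}

# Reliability first, latency second: any resolver with FailPct above 0 deserves a look
# before comparing milliseconds.
$results | Sort-Object FailPct, RepeatAvgMs | Format-Table -AutoSize
```

Run it from the same representative client you use for the GUI benchmark, and repeat it at the times of day when users report delays.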

“Local DNS slower than public DNS”

This can happen — and it’s usually a sign of upstream/forwarder problems, not that “public DNS is magically better”.

Remember: a forwarder can build a large cache because all external queries go through it, which improves response times and reduces external traffic. If your forwarder is misconfigured, overloaded, or timing out, your clients will pay for it.

Important: If you see this behaviour you should really look into your DNS Nameserver CPU / Memory / configuration and start troubleshooting.

Timeouts / failures during Windows DNS Performance Testing

This is the big red flag.

If you see instability, don’t guess. Start your investigation.

What to do when your local DNS is “slow”

Here’s the honest truth: DNS slowness is rarely solved by one magic setting. But the fixes usually fall into a few buckets.

Bucket 1: Fix the forwarding path

  • Review your forwarders and their reachability
  • Ensure your forwarders are stable (packet loss hurts DNS disproportionately)
  • Avoid building “forwarder chains” with too many hops

Forwarding is a normal and recommended pattern — but only if it’s engineered properly.

Bucket 2: Stop fighting the DNS client cache

Windows has client-side DNS caching and Microsoft explicitly recommends not disabling it.
If someone disabled it “for troubleshooting” and it became permanent: congratulations, you’ve created unnecessary load and latency.

Bucket 3: Observe the DNS server like a real service

If DNS is critical, treat it like Tier-0-adjacent infrastructure (because it often is).

  • Turn on logging/diagnostics when troubleshooting
  • Use operational tooling (dnscmd) for inspection and automation

The “don’t over engineer” rule

DNS is an area where “over engineered and complex” designs age badly.

Keep it boring:

  • clear ownership (who operates DNS?)
  • clear architecture (who resolves external names, who hosts internal zones?)
  • repeatable changes
  • measurable outcomes (before/after tests)

Important: If you can’t explain your DNS resolution path on a whiteboard in 60 seconds, you don’t control it. The 60-second rule no longer applies when you deal with split DNS and Azure DNS Forwarders and all the complexity around that.

Homelab / Adaptive Cloud Windows DNS Performance Testing

In homelabs I see the same pattern, just faster:

  • Pi-hole / Technitium / Unbound / router DNS forwarding
  • split DNS for internal zones
  • VPN clients bringing their own resolver behavior

The tool is still useful there — because the questions are always the same:

Support the developers and buy version 2 of DNS Performance

The new version of DNS Performance comes with a lot of features. It adds IPv6 support and secure DNS communication, and you can let it automatically repeat the test 50 or 200 times. What made me immediately buy it was the 9,95$ lifetime option with no hassle, just good old license keys.

Windows DNS Performance Testing using GRC v2
DNS Performance V 2.0

Go and support the developer here today: Purchase Link

Conclusion on Windows DNS Performance Testing

If external websites feel slow, don’t start with blame. Check packet loss and latency first, but then immediately look into DNS.

Here is what to remember:

  • Keep DNS boring, repeatable, and measurable.
  • Benchmark from a representative client
  • Compare your local DNS vs upstream behavior
  • Prioritize reliability over micro-optimizing latency
  • Instrument DNS properly when you see failures (logs + diagnostics)

If you have any questions please don’t hesitate to reach out to me on LinkedIn, Bluesky or check my newly created Adaptive Cloud community on Reddit.

LinkedIn: https://www.linkedin.com/in/andreas-hartig/
Bluesky: https://bsky.app/profile/hartiga.de
Adaptive Cloud community on Reddit: https://www.reddit.com/r/AdaptiveCloud/

Andreas Hartig - MVP - Cloud and Datacenter Management, Microsoft Azure
