Hi guys for those of you that use pi-hole (or similar solutions like adguard home, etc) and wireguard how far away can you be from your wireguard/pi-hole server before latency becomes a major issue?
Also on a side note how many milliseconds of latency would you guys consider to be to slow?
Edit I meant dns latency sorry for not mentioning
As with everything, it depends.
A video stream and general web browsing can easily take a 300ms delay no issue, but voice and gaming will have issues.
Voice is fine for upto 150ms according to the IEEE.
Does the 300ms include dns latency?
Not for the duration of the stream, only for initial page load
DNS is only used initially on first load, after that the connection is made via IP and DNS isn’t used.
Yes, but if you hit a company doing DNS based load balancing, DNS is going to return an IP that’s near to your DNS server which may not be near your device. That’s going to add to the latency.
Yeh but assuming you are in the approximate same geo as you pihole it should be the same now if you deploy your pihole across continents then i would say you should really reconsider your decision.
Gotta downvote for misinformation here.
A requested video stream and web browsing is not bidirectional, and the 300ms you use as an example is not the roundtrip of traffic in that case, but also the response time of the application server.
The 150ms jitter for real-time voice/video and gaming netcode is streaming bidirectional , and that number is what most users say is not noticeable in real-time communication. You can obviously have more and still have a stable stream up to what the codec will tolerate.
HLS is a bidirectional protocol though - the system’s total network latency affects how quickly it can change to a new bitrate stream as conditions improve or degrade. And despite the name, it’s not just limited to live content. You can use this to deliver fixed-length content
Automatic downvote.
Depends on your use case there are multiple factors that guide internet use cases
- Latency - how fast
- Bandwidth - how wide/much
- Loss - how much data is lost, or how much data needs to be sent again
Gaming: latency, loss
YouTube/movies: bandwidth
Video chat/voice chat: latency, bandwidth
Remote desktop/game streaming: latency, bandwidth, loss
Web browsing: bandwidth, latency
DNS latency can be a multiplier for browsing the web, a website can include artifacts from other websites, which then can include other websites, which then can include other websites. Each one of those would require another DNS lookup, and round trip time to the website itself etc. however, DNS was architected for local caching, so only the first lookup should be slow, and then afterwards you should keep that DNS information for future lookups so it’s not going to feel too bad once you’ve warmed up the cache
Rule of thumb: under 100ms feels fine, over starts to feel a little sluggish. Over 300ms and you change your behaviors, and you really feel it.
Thanks for the clarification
Well, 1ms of latency is 300km of distance, so unless you have something really misconfigured or overloaded, or you’re across the country, latency shouldn’t be an issue. 10-20ms is normally the high water mark for most synchronous replication, so you can go a long way before a protocol like DNS becomes an issue.
I have Wireguard and I forward DNS and my internal traffic from my phone over the VPN to my pi-hole at home. All other traffic goes directly over the Internet, not the VPN. So that means only DNS encounters higher latency.
However, because a lot of companies do DNS based geo load balancing that means even if I’m on the east coast all my traffic gets sent to the West Coast because my DNS server is located there. That right there has the biggest impact on latency.
It’s tolerable on the same continent, but once I start getting into other continents then it gets a bit slow.
Interesting I always assumed they used ip not dns for geo locating cdns.
There’s two main ways of doing geo-based load balancing:
- IP Any-casting - In this case, an IP address is “homed” in multiple spots and through the magic of IP routing, it arrives at the nearest location. This is exactly how 1.1.1.1 and 8.8.8.8 work. It works fine for stateless packets like DNS, however it has some risks for stateful traffic like HTTP.
- DNS based load balancing. A server receives a request for “google.com”, looks at the IP of the DNS server and/or the EDNS Client IP in the DNS query packet and returns an IP that’s near. The problem is that when you’re doing Wireguard, it goes phone -> pi-hole (source IP is some internal IP) -> the next hop (e.g. 1.1.1.1 or 8.8.8.8), which sees the packet is coming from your home/pi-hole’s public IP. Thus it gets confused and thinks you’re in a different location than you really are. Neither of these hops really knows your true location of your phone/mobile device.
Of course, this doesn’t matter for companies that only have one data center.
Would it be better to route that directly? I’m not really understanding the complexity I guess.
Sorry, what do you mean route it directly? Maybe I didn’t clarify well enough.
My DNS is routed over the VPN but Internet traffic is routed directly. The problem is the load balancing is done based on where the DNS server is so say Google even though the traffic egresses directly to the internet bypassing the VPN it still goes to a Google DC near my home. Not all websites do this so its not always an issue.
Sorry about that, I missed the part about this being for your phone.
I only really have issues when I’m out of the country, especially when I’m back in South Africa
I just spent a couple weeks 2,000 miles from my physical PiHoles and was connected to them via StarLink. The latency was not perceptibly different from that when I am on site with the boxes.
How much was your latency out of curiosity?
I don’t recall. I was able to use Discord on my phone and play Helldivers 2 on my Steam Deck with friends without issue, though.
I’ve been away 1-2k km for weeks and noticed no difference. With proper network setup DNS should be the least of your worries.
The only time you’ll notice it is with extremely bad mobile coverage when VPN has issues reestablishing the connection.
Others have some good information here - all I’d like to add to the root is that Windows and Mac have a built-in DNS cache and it’s pretty straightforward to add a DNS cache to systemd distros (if it’s not already installed or in use) using systemd-resolved or dnsmasq if you really dislike systemd. Some distros enable this from install time.
Systems that utilize a DNS cache will keep copies of DNS query results for a period of time, making the application-level name lookup speed essentially 0ms for a cached result. Cold results obviously incur the latency of the DNS server itself.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol PiHole Network-wide ad-blocker (DNS sinkhole) VPN Virtual Private Network
5 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.
[Thread #914 for this sub, first seen 9th Aug 2024, 13:05] [FAQ] [Full list] [Contact] [Source code]