[SOLVED]: DNS over TLS - Performance cost

I have a little less than 5Mb/s on a DSL connection and route with a MT7620a 8/64 device. I'm looking into DNS over TLS and wonder if the encryption comes with a performance hit and, if so, can it be mitigated with a more powerful device?

If you think about it, the encryption part is done by the CPU of your device. The encrypted packet might be larger than the unencrypted one, but we are talking about occasional DNS queries (say 10 per second would still be occasional in that regard), so that should not be much of an impact.

So if very weak hardware is doing the encryption then you might notice a performance impact because of the CPU. If you have a huge amount of requests you might notice an impact because of your bandwidth (even less likely). But assuming you are living in the 21st century (which one might doubt when talking about 5Mbit/s uplink) it really should be no problem whatsoever. Should be hardly noticeable for a human being.

In the documentation it says something about 580MHz for the CPU, which I assume is plenty for that use case.

Yes, single core 580MHz. I was looking for an excuse to upgrade to a mt7621a, 880MHz/dual core with increased RAM, but was not sure that throwing money at hardware would have a noticeable benefit.

I'll build w/ stubby and test on my older unit.

Just to give you a feeling, this is an overview of one day, both supporting multiple clients at parts of the day:

This is a dumb access point of mine using batman-adv over wifi
https://openwrt.org/toh/hwdata/tp-link/tp-link_tl-wr1043nd_v2

And its wan gateway.
https://openwrt.org/toh/hwdata/avm/avm_fritz_box_wlan_3370

Not exactly comparable to your case, but it surely shows quite some room for improvement in load.

If you are looking for an excuse to upgrade... most of the time newer devices have better energy efficiency, and more RAM always makes you and the kernel happy.

But of course always be mindful about your purchases and environment. Please don't use electronics like toilet paper :wink:

Built from the latest master and enabled following the forum howto. Minimal latency on DNS resolution and otherwise transparent. Doesn't need high-end hardware. Solved.


Great.
If you are happy with that, consider marking this thread as solved as well.
