Large Scale Measurement on the Adoption of Encrypted DNS

Several encryption proposals for DNS have been presented since 2016, but their adoption has not yet been comprehensively studied. This research measured the current adoption of DoH (DNS over HTTPS), DoT (DNS over TLS), and DoQ (DNS over QUIC) over five months at the beginning of 2021, using measurements by three different organizations with global coverage. By comparing the total values, the number of requests per user, and the seasonality of the traffic, it was possible to obtain the current adoption trends. Moreover, we actively scanned the Internet for still-unknown working DoH servers and compared them with a novel curated list of well-known DoH servers. We conclude that, despite growth in 2020, during the first five months of 2021 there was statistically significant evidence that the average amount of Internet traffic for DoH, DoT and DoQ remained stationary. However, we found that the number of still-unknown, ready-to-use DoH servers grew 4 times. These measurements suggest that even though the amount of encrypted DNS traffic is currently not growing, there may soon be more connections to those unknown DoH servers, for both benign and malicious purposes.
