Treffer: E-DoH: elegantly detecting the depths of open DoH service on the internet.

In recent years, DoE methods have been regarded as a novel trend within the realm of the DNS ecosystem. Measuring these DoE services in the wild can promote improvements in DoE methods and facilitate their widespread adoption. A primary requirement for measuring DoE methods is the discovery of these services. The discovery is relatively straightforward for DoT and DoQ, but complex for DoH since it shares port 443 with web services as suggested in RFC 8484. Although previous works primarily analyze the surface of the DoH service, they (1) result in long detection time and large traffic volume by adopting an enumeration strategy to discover the DoH service; (2) lack an in-depth analysis of the status of upper-layer DNS services. In this paper, we propose the E-DoH method for elegant, efficient, and in-depth DoH service measurement. First, we propose a measurement mechanism to enable a single DoH connection to accomplish multiple tasks including service discovery, correctness validation, and dependency construction with minimal backend configuration. Second, we propose a dynamic protocol negotiation strategy to enhance probing efficiency while significantly reducing the required traffic volume. Based on the above optimization methods, we conducted an exploration of the IPv4 space and performed an in-depth analysis of DoH based on the collected information. Through experiments, our approach demonstrates a remarkable 80% improvement in time efficiency and only requires 4–20% traffic volume to complete the detection task. In wild detection, our approach discovered 46k DoH services, which nearly doubles the number discovered by the state-of-the-art. This indicates the growing trend of DoH services. Based on the collected information, we present several intriguing conclusions about the current DoH service ecosystem. [ABSTRACT FROM AUTHOR]

Copyright of Cybersecurity (2523-3246) is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)