Measurement And Improvement Of DNS-over-HTTPS Performance In China

Posted on: 2023-07-24
Degree: Master
Type: Thesis
Country: China
Candidate: L J Yang
GTID: 2568306836469704
Subject: Cyberspace security
Abstract/Summary:
The Domain Name System (DNS) is a critical piece of Internet infrastructure, but it was designed to carry its messages unencrypted, a flaw that is constantly exploited to compromise the security and privacy of users. DNS over HTTPS (DoH) has been proposed as a DNS security enhancement that replaces traditional DNS with encrypted DNS. It has been standardised and has gained widespread industry support because it resists traffic analysis and is easy to deploy. When users choose DoH, they usually pay an additional cost for the enhanced security by default, but that cost should stay within acceptable limits. It is therefore worthwhile to measure how DoH performance differs from that of traditional DNS, and to what extent it affects the user experience. It is also important to understand the current state of DoH deployment and its shortcomings, and to target improvements at the problems identified, in order to refine the protocol, guide its wider deployment and strengthen DNS security.

There have been several DoH-related measurements, but no systematic study of the current state of DoH deployment in China, which is an important part of the global Internet and the largest independent network; this remains a gap in DoH ecosystem research. In addition, according to our survey, there are almost no domestic DoH studies from the perspective of Chinese Internet users, which undoubtedly hinders the promotion of DoH and the enhancement of DNS security in China. This paper conducts the first measurement of DoH practices in China, analyses the measurement data in detail and suggests corresponding improvements. The main research elements are as follows.

(1) Encrypted DNS is an important theoretical basis for the entire text. 8 evaluation criteria under 3 categories are proposed for a comparative study of encrypted DNS, which visually reveals the development of encrypted DNS.

(2) A specific measurement scheme is designed for DoH practices in China. It proposes a comprehensive set of measurement metrics, measurement methods and evaluation methods to measure DoH performance, and proposes solutions to problems such as DoH server addresses being difficult to discover and DoH traffic being difficult to analyse.

(3) 11 specific conclusions were obtained from the analysis of the measurement results. They cover the impact of DoH on Chinese users' browsing experience, the availability of different DoH servers, and the current situation of DoH in China, filling some of the gaps in current DoH ecosystem research.

Based on the specific findings, key issues and special phenomena are further distilled, and the main difficulties and obstacles in current DoH development are summarised. Corresponding improvement methods are proposed in three aspects: enhancing DoH security, improving DoH performance, and promoting DoH deployment. These serve as a reference for improving the protocol and strengthening DNS security, and will contribute to further research on the DoH ecosystem.
Keywords/Search Tags: DNS Security, Encrypted DNS, DNS over HTTPS, Internet Measurement