View article

The recently proposed DNS-over-HTTPS (DoH) protocol is becoming increasingly popular in addressing the privacy concerns of exchanging plain-text DNS messages over potentially malicious transit networks (e.g., mass surveillance at ISPs). By employing HTTPS to encrypt DNS communications, DoH traffic inherently becomes indistinguishable from regular encrypted Web traffic, rendering active disruption (e.g., downgrading to the plain-text DNS) by transit networks extremely hard. In this work, we investigate whether DoH traffic is indeed indistinguishable from encrypted Web traffic. To this end, we collect several DoH traffic traces corresponding to 25 resolvers (including major ones, e.g., Google and Cloudftare) by visiting thousands of domains in Alexa's list of top-ranked websites at different geographical locations and environments. Based on the collected traffic, we train a machine learning model to classify …