Efficient DNS over HTTPS servers discovery method: A voting-based stacked ensemble model with secure connection metadata

In today's rapidly developing internet landscape, user privacy and data security have become paramount concerns for both the public and enterprises. Traditional DNS queries transmitted in plaintext are susceptible to various security threats. DNS over HTTPS (DoH) emerged to address these concerns by encapsulating DNS queries within the HTTPS protocol, thereby enhancing the security and privacy of DNS queries. However, due to the complexity of DoH's configuration and the inefficiency of existing discovery methods, significant challenges remain in discovering and utilizing DoH servers. Most current methods for discovering publicly accessible DoH servers are time-consuming and resource-demanding and do not comprehensively gather information. To address these issues, this study proposes an Efficient active DoH Discovery Method based on Secure Connection Metadata, abbreviated as EDDM-SCM, improving the DoH discovery process to encompass both IP addresses and domain names of the public DoH servers. Specifically, the method extracts key features from TLS and HTTPS connection information and employs a voting-based stacked ensemble model (VBSEM) to construct a DoH server filtering mechanism. This approach addresses the challenge of positive sample scarcity and effectively prevents model overfitting. Experimental results demonstrate that this method can identify over 95% of DoH servers while improving time efficiency by at least 70%, significantly reducing network resource consumption. Our findings revealed over 20,000 DoH servers, providing a novel and effective solution for actively discovering public DoH servers. This facilitates the widespread adoption and decentralization of DoH services.