[VERGEBEN] Bachelorthesis: [DNS] DoH Services in the Wild




DNS over HTTPS (DoH) combines the classic DNS protocol (Do53) with transport layer security to improve privacy and security for DNS users. Alongside Google DNS and Cloudflare who may be the most prominent DoH service providers many others support DoH as well.

The goal of this thesis is to provide an extensive overview over currently available DoH services and to highlight similarities and differences in how DoH is implemented.

Main Tasks:

  1. Provide background about Do53[1, 2], HTTP [3] and the DoH [4] standards.
  2. Create an overview over headers supported by HTTP.
  3. Research literature investigating DoH services, implementations and other related work. Summarize the current state of knowledge.
  4. Create an extensive list of DoH Providers and investigate features they offer – are there any differences?
  5. Create an automated environment to analyze available DoH services
    • Send different DoH requests to the list of DoH services (identified in 3) and collect and store request and answer pairs.
    • Which headers do DoH services accept?
    • Which headers are included in the responses?
    • Identify differences in how services handle requests.
    • Give a comprehensive, visual overview over your results.
    • Did you observe any non-standard compliant behavior?
    • Use vagrant and docker to enable automatic deployment of your environment
[1] RFC 1034 – DOMAIN NAMES – CONCEPTS AND FACILITIES (https://www.ietf.org/rfc/rfc1034.txt)
[2] RFC 1035 – DOMAIN NAMES – IMPLEMENTATION AND SPECIFICATION (https://datatracker.ietf.org/doc/html/rfc1035)
[3] RFC 9112 – HTTP/1.1 (https://datatracker.ietf.org/doc/html/rfc9112)
[4] RFC 8484 – DNS Queries over HTTPS (DoH) (https://www.rfc-editor.org/rfc/rfc8484.html)


Contact: M. Sc. Matthias Gierlings, Dr.-Ing. Christian Mainka