There is a newer version of the record available.

Published June 10, 2021 | Version v1
Dataset Open

List of DNS over HTTPS resolvers on the internet

  • 1. FEL CTU
  • 2. FIT CTU & CESNET z.s.p.o.
  • 3. Avast s.r.o.
  • 4. CESNET z.s.p.o

Description

The DoH Internet Servers dataset comprises a verified list of Internet servers offering DNS over HTTPS (DoH) service. The list was created by active scanning of the IPv4 address space. The scanning was done in April and May in 2021. The list contains 931 different IP addresses with their reverse DNS record, supported DoH method, and TLS 1.3 support. 

The scanning was done in three phases:

  1. We scanned the IPv4 address space for opened port 443 using masscan. 
  2. IP addresses found in the previous step were scanned for DoH support using a custom Nmap-NSE script.
  3. The IP addresses found in previous steps were reached by a slower python script that also validated responses, obtained domain names.

 

Scanning limitation: The main limitation of our scanning was that it could not find DoH resolvers hosted on infrastructures hosting multiple services behind a single IP address. In such cases, an SNI, or HTTP Host header, or HTTP/2 :authority header is needed for a successful request. Since we did not have the SNI, it was impossible to provide it. 

Used Scripts:

NMap: https://github.com/cejkato2/dns-doh.nse
Python: https://github.com/hynekkar/DoH-Checker

 

 

 

Files

DoH-Resolvers-List.csv

Files (71.6 kB)

Name Size Download all
md5:7801f5603fbb8248b1351e2047310cc2
71.6 kB Preview Download