International Federation For Information Processing
Discovery of Designated Resolvers Protocol Analysis
Pages
9
Time to read
47 mins
Publication
Language
English
This technical report presents an analysis of the Discovery of Designated Resolvers (DDR) protocol, which aims to facilitate the transition from unencrypted to encrypted DNS traffic. The report outlines the significance of DNS encryption in enhancing user privacy and addresses the challenges associated with the manual transition to encrypted DNS. It details a large-scale measurement study conducted on over 27 million DNS resolvers to evaluate their support for DDR. The findings indicate that a notable number of resolvers support DDR, yet many advertised encrypted resolvers fail to respond to DNS queries. The report also discusses the prevalence of various encrypted DNS protocols, highlighting that DNS over HTTPS (DoH) is the most widely supported, while DNS over QUIC (DoQ) remains less common. Furthermore, it raises concerns regarding the centralization of DNS services, as a significant percentage of DDR resolvers redirect clients to major cloud providers, potentially undermining the intended privacy benefits of DDR. The report concludes with recommendations for improving the effectiveness of DDR deployment.