Our results clearly show the centralization problem in DoT/DoH: Internet users can only get DoT/DoH service from a few providers. In this case, DNS messages cannot be genuinely protected.
For example, an unscrupulous provider can easily obtain the full DNS logs of Internet users and subsequently infer private information about them, such as hobbies, occupations, and health status.
Furthermore, a single point of failure, unhealthy data competition, and increased DNS resolution distance, which affects performance, are also undesirable by-products of the centralization problem.
In the following, we evaluate the current situation of centralization in DoT/DoH recursive resolvers in terms of organization, country and physical location.
One possible solution under the current distribution is to provide clients with an exhaustive list of well-configured DNS-SP servers.
Therefore, we visually display all the measurements on the world map to help Internet users choose reliable DNS Strict Privacy servers.