We introduce NinjaDoH, a novel DNS over HTTPS (DoH) protocol that leverages the InterPlanetary Name System (IPNS), along with public cloud infrastructure, to create a censorship-resistant moving target DoH service. NinjaDoH is specifically designed to evade traditional censorship methods, which block DoH servers by IP address or domain, by continually altering the server's network identifiers; this significantly increases the complexity of effectively censoring NinjaDoH traffic without disrupting other web traffic. We also present an analysis that quantifies the DNS query latency and financial costs of running our implementation of this protocol as a service. Further tests assess the ability of NinjaDoH to elude detection mechanisms, including both commercial firewall products and advanced machine learning-based detection systems. The results broadly support NinjaDoH's efficacy as a robust, moving target DNS solution that can ensure continuous and secure internet access in environments with heavy DNS-based censorship.