Internet measurement, security, and privacy research heavily relies on Internet domain top lists, which provide a set of purportedly popular or commonly used domains to investigate. Existing top lists, such as Alexa, Cisco Umbrella, and Tranco, have been used in hundreds of prior academic studies, making it a critical research resource. However, researchers have identified numerous issues with existing top lists, including a lack of transparency into the list data sources and construction methods, high volatility, and easy ranking manipulation. Despite these flaws, these top lists remain widely used today due to a lack of alternatives.
In this work, we explore building a top list using an extensive passive DNS (PDNS) dataset from one of the largest DNS service providers, 114 public DNS from scratch (similar to Cisco’s OpenDNS). PDNS has been widely used in both academia and industry, making it a more transparent and accessible top list data source. We propose a voting-based domain ranking method, where individual IP addresses express their domain preferences, and the global top list ranking is produced across IP addresses through a voting mechanism. We empirically evaluate our top list design, demonstrating that it achieves better stability and manipulation resistance than existing top lists, while serving as an open and transparent ranking method that other researchers can use or adapt.