[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: transparent forced dns-'proxy' on Exit-Node - is it ok?

I don't know the technicals of DNS but it sounds like a great idea to
me. One of the major problems tor faces (IMHO) is DNS resolution which
isn't perfect.

On 1/9/07, herfel@xxxxxxx <herfel@xxxxxxx> wrote:

for reasons that are not relevant to the question, my tor-node 'cannot'
function as an exit-node. However I was thinking that it would be possible
for me, to use iptables to force-route all outgoing dns-requests from the
tor-IP to my local dns-server, who would then make outgoing queries to it's
upstream dns-servers etc. Since we have a fast server and plenty of
bandwidth and reliable DNS (that do not much around with things), I think
this ould be helpful (in a small way) for improving DNS-resolution on the
However I can see how some people could see this as a negative thing,
because in cases where tor-users wanted to specifically talk with certain
DNS-Servers, or wanted to use non-dns udp-traffic on port 53, which for some
reason happened to look very much like dns-traffic, well, those people would
be annoyed, because they'd keep getting potentially "wrong" answers,
possibly in a way that they wouldn't be aware of right away.

Is there a policy on this? If not, I'd be interested in hearing opinions
(with arguments) about whether you'd find this helpful or hurtful; or
whether I should just forget about the idea.

Thanks and Regards

Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer