
Re: Any plans to fix tor for OpenDNS?




On 13.11.2008 at 17:26, Matt LaPlante wrote:

> The very nature of OpenDNS conflicts with the concept of anonymity and
> privacy.  By using the service, you're not only giving them the
> opportunity to track your requests, you're also allowing them to
> redirect your lookups to third parties at will.

If you switch off the redirects, this is true for any DNS resolver you might use and not OpenDNS specific.

If your local DNS resolver has not recently been updated and doesn't use random ports for queries, it's always better to use OpenDNS for security reasons, since otherwise you are vulnerable to cache poisoning.[1]

For the same reasons, if you want to use your own caching resolver, make sure you are using a current version that uses random query ports, and make sure the resolver is NOT behind a NAT router, because NAT destroys the port randomization.

Sven

[1] http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
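
One way to check the two conditions named in the message above (random query ports, and no NAT undoing them), as an added example that is not part of the original post: it classifies the UDP source ports of a resolver's outgoing queries as observed on the far side of any NAT, for instance at an authoritative server you control. The function name, the thresholds and the sample port lists are assumptions constructed for illustration.

```python
import statistics

def assess_source_ports(ports):
    """Classify observed resolver source ports, given in query order.

    Returns 'fixed', 'sequential', 'narrow' or 'randomized'.
    Thresholds are assumed values for illustration, not a standard.
    """
    if len(ports) < 10:
        raise ValueError("need at least 10 observed queries")
    if len(set(ports)) == 1:
        return "fixed"            # unpatched resolver: one port for every query
    # Port-to-port steps, modulo 2**16 so wrap-around counts as a small step.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for d in deltas if 1 <= d <= 16)
    if small / len(deltas) >= 0.8:
        return "sequential"       # typical of a NAT rewriting ports in order
    # Uniform 16-bit ports have a standard deviation near 18900; a small
    # value means the ports come from a small pool an attacker can cover.
    if statistics.pstdev(ports) < 3000:
        return "narrow"
    return "randomized"

# Constructed sample observations (not captured from any real resolver).
FIXED_PORT = [32768] * 12
BEHIND_NAT = [1024, 1025, 1026, 1027, 1029, 1030,
              1031, 1032, 1033, 1035, 1036, 1037]
SMALL_POOL = [1050, 1031, 1088, 1027, 1066, 1099,
              1040, 1073, 1025, 1091, 1058, 1034]
PATCHED = [49731, 1893, 33012, 60411, 12077, 25640,
           55102, 7345, 41288, 18956, 64023, 29510]

if __name__ == "__main__":
    for name, sample in [("fixed port", FIXED_PORT),
                         ("behind NAT", BEHIND_NAT),
                         ("small pool", SMALL_POOL),
                         ("patched", PATCHED)]:
        print(f"{name:12s} -> {assess_source_ports(sample)}")
```

Only the "randomized" result gives an off-path spoofer the full port space to guess in addition to the 16-bit query ID; the other three leave the resolver close to the pre-patch situation described in [1].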
