[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

To: "'Roman Mamedov'" <rm@xxxxxxxxxxx>
Subject: Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
From: "Dennis Emory Hannon" <info@xxxxxxxxxxxxxxxx>
Date: Sun, 6 Aug 2017 16:28:46 -0400
Cc: tor-relays@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 06 Aug 2017 16:29:17 -0400
Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=backplanedns.org; h=from :to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding; s= backplanedns.org; bh=RtOgh3VK5kIRMoSggkKLNIzL6qE=; b=PKS1zgsTkau ir81sOJhm+RzLTadumlY7k9vIaa41Avo4iJCMT+h/L+pq3C9QrYXAOu/k9rH/Uta Gq4XZdRBirF+jziSIddJ11tg2nLnjbQdIkgmsT/BZfKypNkSUVsT/B7keT6pjFdL UYg49NdH0K9Zpf9gyiewGBtJo2oJwtAk=
In-reply-to: <20170807011650.53c52034@natsu>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays $exit, non-exit, bridge$" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <012e01d30eef$219609d0$64c21d70$@backplanedns.org> <20170807011650.53c52034@natsu>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQHetkngYdOho3TtoDYzmvfaHZm0AQMUW7w7okfVauA=

https://backplanedns.org/TOR_exit_dns_resolver_howto.htm 

I took the liberty in including the S for you.

-Dennis

-----Original Message-----
From: Roman Mamedov [mailto:rm@xxxxxxxxxxx] 
Sent: Sunday, August 06, 2017 4:17 PM
To: Dennis Emory Hannon
Cc: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

On Sun, 6 Aug 2017 16:03:53 -0400
"Dennis Emory Hannon" <info@xxxxxxxxxxxxxxxx> wrote:

> I decided to make a quick starter guide to introduce using a local 
> resolver for tor-exit node operators. I'd like to solicit some of your 
> feedback on things that should be added or improved upon. Hopefully 
> this will be a living document - My goal is to help lower the amount 
> of TOR exit relays using 3rd party DNS providers for client DNS 
> lookups. While it doesn't address all security concerns, it's a 
> necessary step to improving anonymity of TOR's users. Let me know what you
think.
> 
> Guide is meant for debian/linux users
> http://backplanedns.org/TOR_exit_dns_resolver_howto.htm

> ...
> in the clearweb are being probably being logged. In this simple 
> tutorial ...

Your tutorial is in the clearweb itself, and probably not only being logged,
but also can be MITMed to include all sorts of malicious instructions and/or
rewrite the recommended third party resolver IPs to an attacker-controlled
ones.

Why not use HTTPS for the website? Doubly weird that you want to educate
others on security topics, and then don't follow the best practices
yourself.

--
With respect,
Roman

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
  - From: Dennis Emory Hannon
- Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
  - From: Roman Mamedov

Prev by Author: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
Next by Author: [tor-relays] significant rise in fail2ban alerts for ssh abuse
Previous by thread: Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
Next by thread: Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
Index(es):
- Author
- Thread