The flip side is that, against such an adversary, using a DNS server that supports encryption ofqueries and responses is probably more important than it being local.
I like to chain unbound up to dnscrypt-proxy in order to encrypt DNS traffic for this very reason.
dnscrypt-proxy frequently is unable to keep up however, so I currently have unbound configured to make queries directly if dnscrypt-proxy is not responding.
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays