[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Mon, 12 Jan 2015 00:32:56 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 12 Jan 2015 00:33:08 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=5xdn9/JziYlQ7wIRr2TlO5rrDH9al252apEhCy/DhPk=; b=faFtVut2RzLAhK84ezO+1xz3qz8ikmrcccSfpbOl4zJdGDKBE0rlSHWjJBZf+3ZJFs YYa9cUqHVRCduIK9qyyMd1yyTdqineD8TIICYqbzXTDwhnOZAaod6NK1yfOsbVN0OErN vJeULrtkfr725HtbG9J+nE3bICsXI0wAYQAcYf71ilwUL4p6myM0uoe1YURe2TrGBga6 vd6kHHB3o1+j0yJlLwIVPRuDPKrDO6w35mCPB29ICarxfjc8KIsussx8wVAKhGyx06i9 THTiUgtDnxGa+XAxvWU17Q8ImaaLrImIx3akg+bd+vIamUJom2EHl6brMR5Oovx4d3lJ Cs0w==
In-reply-to: <54B1F4E6.1000303@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuwe8_nZkPH-RhaRjxapfvgDVThiSxteZ+SoC9Lx+WCQ5g@xxxxxxxxxxxxxx> <54B1F4E6.1000303@xxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Sat, Jan 10, 2015 at 10:58 PM, Richard Johnson <rdump@xxxxxxxxx> wrote:
> It is especially a good idea to have your own local DNS resolver if you run
> Tor exits at an institution that's required to otherwise log DNS queries.
>
> Tor needs a separate (and non-logging) DNS resolution system to prevent the
> institution from being presumed aware of Tor users' lookups.
>
> That this also protects Tor users from having their DNS queries logged is
> good as well, but that isn't necessarily the driver for the institution. ;)

Do not presume that pointing dns locally prevents passive monitors
anywhere along your network graph of clearnet hops from seeing your
dns queries there. And ultimately, exit IP can be observed and correlated
from the roots down with increasing difficulty. That said, yes, local is still
better, and often more performant, than pointing to a privacy joke like google.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers
  - From: Nick Mathewson
- Re: [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers
  - From: Richard Johnson

Prev by Author: [tor-relays] badexit 03F84EA2E09CF427A519C65479DC0BF0D72886A6
Next by Author: Re: [tor-relays] Reminder: don't run transparent proxies at exits
Previous by thread: Re: [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers
Next by thread: [tor-relays] badexit 03F84EA2E09CF427A519C65479DC0BF0D72886A6
Index(es):
- Author
- Thread