
Re: [tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers



On Sat, Jan 10, 2015 at 10:58 PM, Richard Johnson <rdump@xxxxxxxxx> wrote:
> It is especially a good idea to have your own local DNS resolver if you run
> Tor exits at an institution that's required to otherwise log DNS queries.
>
> Tor needs a separate (and non-logging) DNS resolution system to prevent the
> institution from being presumed aware of Tor users' lookups.
>
> That this also protects Tor users from having their DNS queries logged is
> good as well, but that isn't necessarily the driver for the institution. ;)

Do not presume that pointing DNS locally prevents passive monitors
anywhere along your network graph of clearnet hops from seeing your
DNS queries there. And ultimately, exit IP can be observed and correlated
from the roots down with increasing difficulty. That said, yes, local is still
better, and often more performant, than pointing to a privacy joke like Google.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays