Re: [tor-relays] DNS Server
Adversaries can already see what IP addresses you are connecting to.
Even though they can't see your DNS queries, they can easily just do a
reverse DNS on the IP addresses you connect to, to find out what you
were doing.
On 23/01/19 2:32 PM, dns1983@xxxxxxxxxx wrote:
> In the threat model that I worry about, DNS is part of the problem. If
> a malicious entity can put together DNS data with other big data, it can
> increase its power and become a more dangerous threat.
>
> But as I said, I lack many networking notions.
>
> Anyway, I find the solutions you proposed to me very satisfying. Thank
> you very much.
>
> Cheers
>
> Ale
>
> On 23/01/19 00:42, eric gisse wrote:
>> This is what I do:
>>
>> My tor exit node runs on its own, but I have a full caching bind
>> server on a different VM. This services some domains I run, with ACLs
>> to do regular DNS.
>>
>> I use the following DNS servers:
>>
>> 2606:4700:4700::1111 -- Cloudflare
>> 2001:1608:10:25::1c04:b12f -- https://dns.watch/
>> 2600::1 -- Sprint
>>
>> No individual DNS provider inspires me with amazing confidence,
>> however the caching server turns my bind instance into a pretty
>> solidly constructed one.
>>
>> 1) I don't really think v6 snooping/monitoring is "there yet". Thin
>> gruel, but still.
>> 2) DNS doesn't go out the same stack in the case of v4 requests and
>> doesn't go out the same ip for v6. Sure, you can associate to within
>> the same /64 but that's just more effort any attacker would have to
>> do.
>> 3) I cache a LOT.
>>
>> Check out these nameserver cache statistics:
>>
>> services /var/log/named # grep -i cache stats
>> ++ Cache Statistics ++
>> [View: internal (Cache: internal)]
>> 251588520 cache hits
>> 452018 cache misses
>> 50306019 cache hits (from query)
>> 63441802 cache misses (from query)
>>
>> I cache a LOT.
>>
>> Think of your threat model - what are you worried about? Is DNS really
>> your concern?
>>
>> On Tue, Jan 22, 2019 at 2:53 AM <dns1983@xxxxxxxxxx> wrote:
>>> Hello,
>>>
>>> I'm a student, so I lack many networking notions.
>>>
>>> Which are the most privacy-reliable public DNS servers? I don't exactly know how to choose a third-party DNS server. I read that Cloudflare servers are audited by third parties, but I'm not sure that I can trust them. Do you think that audit is trustworthy?
>>>
>>> Thanks
>>> --
>>> Sent from my Android device with K-9 Mail. Please excuse the brevity.
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
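
One way to express the setup described in the quoted message (a caching BIND instance on its own VM, ACLs separating relay lookups from regular DNS, forwarding over IPv6 to the three listed resolvers), as an added example that is not the poster's own configuration. The relay and listener addresses are documentation placeholders, and `forward only`, the cache size and the view layout beyond the `internal` name seen in the statistics are assumptions.

```conf
// named.conf fragment (constructed example). Addresses in 192.0.2.0/24 and
// 2001:db8::/32 are documentation placeholders, not values from the thread.

acl "exit_relay" {
    192.0.2.10;                  // placeholder: the Tor exit VM (IPv4)
    2001:db8::10;                // placeholder: the Tor exit VM (IPv6)
};

options {
    directory "/var/named";                  // assumed; distro-dependent
    statistics-file "/var/log/named/stats";  // path as in the thread; written by `rndc stats`
    listen-on    { 192.0.2.53; };
    listen-on-v6 { 2001:db8::53; };

    recursion no;                // deny by default; enabled per view below
    allow-query-cache { none; }; // no cache answers (and no cache probing) by default
    dnssec-validation auto;
};

view "internal" {
    // Only the exit relay and the resolver host itself may use the cache.
    match-clients     { "exit_relay"; localhost; };
    recursion yes;
    allow-recursion   { "exit_relay"; localhost; };
    allow-query-cache { "exit_relay"; localhost; };

    // Upstream resolvers listed in the thread, all reached over IPv6.
    forwarders {
        2606:4700:4700::1111;        // Cloudflare
        2001:1608:10:25::1c04:b12f;  // dns.watch
        2600::1;                     // Sprint
    };
    forward only;                // assumption: never iterate from the roots directly
    max-cache-size 512m;         // assumed; size to the VM's memory
};

view "external" {
    // Everyone else gets authoritative answers for hosted zones only.
    match-clients { any; };
    recursion no;
    // zone "example.org" { type master; file "example.org.zone"; };  // placeholder zone
};
```

Every answer served from the `internal` view's cache is a lookup that no upstream resolver sees, which is the effect the cache statistics in the thread are measuring.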