Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- To: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- From: "Nathaniel Suchy (Lunorian)" <me@xxxxxxxxxxx>
- Date: Fri, 11 May 2018 07:55:31 -0400
I’m quite worried about the number of relays using Google DNS. With Google DNS, Google gets to know a Tor exit proxied X website at X time. I don’t think they can be trusted with this information.
As for privacy concerns: Google claims these logs are only stored for up to 48 hours. It worries me that the information could be demanded by the FISA Courts (Google would have to comply by law) and three-letter agencies would get access to Tor users’ browsing habits. I know the same could happen with any DNS resolver, although due to the size of Google Public DNS the logs are a goldmine.
I have the same, if not worse, concerns with Cloudflare’s Public DNS (1.1.1.1).
Now I have the burden of providing an alternative; it’s only fair I do so after criticism of the use of Google DNS. My first thought is to use ISP DNS if it’s available - one of the best things about Tor is the split of trust, so why aren’t we doing that with DNS? Another alternative is to use trusted recursive DNSCrypt resolvers (for example dnscrypt.ca - there are plenty of resolvers like this, so use a search engine of your choice to find them). I actually really like the idea of using DNSCrypt resolvers as opposed to commercial DNS provided by ISPs. Thoughts?
As always,
Thanks for running Tor Exits
Sent from my iPhone
> On May 11, 2018, at 4:15 AM, nusenu <nusenu-lists@xxxxxxxxxx> wrote:
>
> Tyler Durden:
>> All our nodes are using a local DNS caching server and only use google
>> as a fallback.
>> The situation is very unlikely to change unless there is a major player
>> on "our side" which offers a free, censorship-free, resilient and stable
>> DNS Service.
>
> can you describe your (hard) resolver requirements so we can try
> to find Google alternatives for you?
>
> thank you for running exits!
> nusenu
>
> --
> https://mastodon.social/@nusenu
> twitter: @nusenu_
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays