[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Fast Exit Node Operators - ISP in US
Seth said:
> On Sat, 22 Nov 2014 18:46:18 -0800, ZEROF <security@xxxxxxxxxxxxxx> wrote:
>
> >I use servernames without logging from this this list
> >http://wiki.opennicproject.org/Tier2 (France).
> Great resource of logless DNS servers, I'm a big fan of OpenNIC.
I'm not a fan of OpenNIC because they were, and probably still are,
running open resolvers. That means the servers are wide open to be used
for reflection attacks, cache poisening and likely numerous other
attacks. And they didn't support DNSSEC. And if they aren't logging
anything, how do they stop the attacks?
http://www.opennicproject.org/ says "so at least you are not tracked
through your DNS requests." Saying it doesn't make it true. DNS wasn't
designed with privacy built in, so how can they actually do that?
> Have you bothered to encrypt DNS traffic by setting up
> dnscrypt-proxy or the like? These days it's something I include as
> standard.
Does a project exist that supports encryption and pooling the recursive
queries, and DNSSEC, other than OpenDNS?
Chuck
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays