On Jun 10, 2020, at 07:55, Shumon Huque <[email protected]> wrote:

> The more I think about all the privacy leaks that have to be plugged at
> the DNS and application layers, Tor increasingly looks better as a
> general purpose solution (either as a network to funnel DNS messages
> through, or even better, having zone operators locate authority servers
> inside Tor as hidden services). It has a significant performance cost,
> but real privacy always does.

You don’t really mean Tor, but you mean a shared pool of resolvers used by a large group that breaks the one on one relationship between queries and answers. It’s fine if we connect to that using DoT or DoH.

I said it before, we need to have something like pool.ntp.org for DNS recursives. Where instances also feed each other and do prefetching.

Unfortunately, the competition here is large free DNS providers who kind of do the same thing but for different reasons and for which we don’t know what their privacy and filtering policies will be in 10 years, even if we trust them now.

The problem is detecting and ejecting rogue nodes before they can do real harm.

Paul

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
