Re: [tor-relays] dns request capitalization, tor and unbound

2016-07-09 Thread Tristan
That's my thought as well. At any rate, not using a cache for DNS queries
would add even more latency to the network.
On Jul 9, 2016 10:01 AM, "Petrusko"  wrote:

>
> It shouldn't affect unbound's ability to cache anything.  However, I
> personally think it is inappropriate to run a DNS cache on an exit
> node, because that preserves a record on the exit node of what people
> are using it for.
>
> zw
>
> Hey,
> I'm not an Unbound expert, I think Unbound doesn't log any DNS queries...?
> What I know is only statistics can be given with the command
> "unbound-control stats", only numbers are shown.
> In my unbound.conf, the only log config lines are :
> logfile: "/var/log/unbound.log"
> use-syslog: no
>
> And this /var/log/unbound.log doesn't exist on my system...
> Is there a way to see DNS queries made by users?
>
> For me, about privacy, it's not necessarily a problem about "knowing what
> your Tor users are doing", because if it's not you, it will be your DNS
> resolvers... As read before, a lot of Tor exits are using Google DNS :p (I
> think it's lol about privacy!)
> So the bad guy will know the DNS queries, but he doesn't know who has made
> it (only exit IP is shown ?), so privacy is safe ?
>
>
> --
> Petrusko
> PubKey EBE23AE5
> C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] dns request capitalization, tor and unbound

2016-07-09 Thread Petrusko

> It shouldn't affect unbound's ability to cache anything.  However, I
> personally think it is inappropriate to run a DNS cache on an exit
> node, because that preserves a record on the exit node of what people
> are using it for.
>
> zw
Hey,
I'm not an Unbound expert, I think Unbound doesn't log any DNS queries...?
What I know is only statistics can be given with the command
"unbound-control stats", only numbers are shown.
In my unbound.conf, the only log config lines are :
logfile: "/var/log/unbound.log"
use-syslog: no

And this /var/log/unbound.log doesn't exist on my system...
Is there a way to see DNS queries made by users?

For me, about privacy, it's not necessarily a problem about "knowing what
your Tor users are doing", because if it's not you, it will be your DNS
resolvers... As read before, a lot of Tor exits are using Google DNS :p
(I think it's lol about privacy!)
So the bad guy will know the DNS queries, but he doesn't know who has
made it (only exit IP is shown ?), so privacy is safe ?

-- 
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5





Re: [tor-relays] dns request capitalization, tor and unbound

2016-07-08 Thread Philipp Winter
On Sun, Jul 03, 2016 at 09:51:43AM -0400, Zack Weinberg wrote:
> However, I personally think it is inappropriate to run a DNS cache on
> an exit node, because that preserves a record on the exit node of what
> people are using it for.

Are you concerned about the DNS cache logging to disk, or about its
in-memory data?  I would assume the former can be fixed by disabling
logging.


Re: [tor-relays] dns request capitalization, tor and unbound

2016-07-03 Thread Toralf Förster
On 07/03/2016 03:51 PM, Zack Weinberg wrote:
> However, I personally think it is inappropriate to run a DNS cache
> on an exit node, because that preserves a record on the exit node
> of what people are using it for.
IMO both statements aren't correct.

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [tor-relays] dns request capitalization, tor and unbound

2016-07-03 Thread Tom van der Woerdt
On 03/07/16 at 15:51, Zack Weinberg wrote:
> On Sun, Jul 3, 2016 at 9:25 AM, ajs124  wrote:
>>
>> Afterwards, I noticed that most if not all the DNS requests are randomly
>> capitalized.
>> Does this impact unbound's caching ability? My cache hit/miss ratio is
>> around 1/5.
> 
> This is "0x20 encoding", see
> https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00
> https://isc.sans.edu/diary/Use+of+Mixed+Case+DNS+Queries/12418 and
> https://dyn.com/blog/use-of-bit-0x20-in-dns-labels/ .  It makes it
> harder for a MITM to spoof DNS responses.
> 
> It shouldn't affect unbound's ability to cache anything.  However, I
> personally think it is inappropriate to run a DNS cache on an exit
> node, because that preserves a record on the exit node of what people
> are using it for.
> 
> zw

Without a cache, every connection takes a second longer to open. Unless
you send all DNS requests to Google, but I don't think that's ideal either.

In-memory caching of DNS is simply needed for Tor to work properly (and
besides, Tor has its own DNS cache as well).

Tom


Re: [tor-relays] dns request capitalization, tor and unbound

2016-07-03 Thread Zack Weinberg
On Sun, Jul 3, 2016 at 9:25 AM, ajs124  wrote:
>
> Afterwards, I noticed that most if not all the DNS requests are randomly
> capitalized.
> Does this impact unbound's caching ability? My cache hit/miss ratio is around
> 1/5.

This is "0x20 encoding", see
https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00
https://isc.sans.edu/diary/Use+of+Mixed+Case+DNS+Queries/12418 and
https://dyn.com/blog/use-of-bit-0x20-in-dns-labels/ .  It makes it
harder for a MITM to spoof DNS responses.

It shouldn't affect unbound's ability to cache anything.  However, I
personally think it is inappropriate to run a DNS cache on an exit
node, because that preserves a record on the exit node of what people
are using it for.

zw
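
Added example, not part of the original thread and not Tor's or unbound's code: a toy resolver showing why random capitalization leaves cache hits untouched (lookups are case-insensitive) while a reply that does not echo the exact case is rejected. All function names, hostnames and addresses here are constructed for illustration.

```python
import random

def encode_0x20(qname, rng):
    """Give each ASCII letter a random case; dots, digits and hyphens are unchanged."""
    return "".join(
        (c.upper() if rng.getrandbits(1) else c.lower())
        if c.isascii() and c.isalpha() else c
        for c in qname
    )

def cache_key(qname):
    """DNS names compare case-insensitively (RFC 4343), so the cache key is lowercased."""
    return qname.lower().rstrip(".")

def extra_entropy_bits(qname):
    """One unpredictable bit per letter, on top of the 16-bit ID and source port."""
    return sum(1 for c in qname if c.isascii() and c.isalpha())

class Resolver:
    """Toy caching resolver (constructed for illustration, not unbound's code)."""
    def __init__(self, rng=None):
        self.rng = rng or random.SystemRandom()
        self.cache, self.hits, self.misses = {}, 0, 0

    def resolve(self, qname, upstream):
        key = cache_key(qname)
        if key in self.cache:              # lookup ignores the client's capitalization
            self.hits += 1
            return self.cache[key]
        self.misses += 1
        sent = encode_0x20(key, self.rng)  # what goes out on the wire
        echoed, answer = upstream(sent)
        if echoed != sent:                 # question not echoed byte for byte
            return None                    # reject and cache nothing
        self.cache[key] = answer
        return answer

def honest_upstream(sent):
    return sent, "192.0.2.10"              # constructed answer (TEST-NET-1)

def forged_reply(sent):
    return sent.lower(), "203.0.113.66"    # right name, wrong case pattern

if __name__ == "__main__":
    r = Resolver()
    for name in ("www.torproject.org", "WwW.TorProject.ORG", "www.TORPROJECT.org"):
        r.resolve(name, honest_upstream)
    print(r.hits, r.misses, extra_entropy_bits("www.torproject.org"))
```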


[tor-relays] dns request capitalization, tor and unbound

2016-07-03 Thread ajs124
Hey,

I recently started running my first two exit relays.

Since it was mentioned on the mailing list a while back and seemed like a
reasonable thing to do, I installed and configured unbound.

Afterwards, I noticed that most if not all the DNS requests are randomly
capitalized.
Does this impact unbound's caching ability? My cache hit/miss ratio is around
1/5.

What is the reason for changing the capitalization?

Best regards
ajs124