Re: [tor-relays] dns request capitalization, tor and unbound
That's my thought as well. At any rate, not using a cache for DNS queries would add even more latency to the network.

On Jul 9, 2016 10:01 AM, "Petrusko" wrote:
>
> It shouldn't affect unbound's ability to cache anything. However, I
> personally think it is inappropriate to run a DNS cache on an exit
> node, because that preserves a record on the exit node of what people
> are using it for.
>
> zw
>
> Hey,
> I'm not an Unbound expert, I think Unbound doesn't log any DNS queries...?
> What I know is only statistics can be given with the command
> "unbound-control stats", only numbers are shown.
> In my unbound.conf, the only log config lines are :
> logfile: "/var/log/unbound.log"
> use-syslog: no
>
> And this /var/log/unbound.log doesn't exist on my system...
> Is there a way to see DNS queries made by users ?
>
> For me, about privacy, it's not necessarily a problem about "knowing what
> are doing your Tor users", because if it's not you, it will be your DNS
> resolvers... As read before, a lot of Tor exits are using Google DNS :p (I
> think it's lol about privacy!)
> So the bad guy will know the DNS queries, but he doesn't know who has made
> it (only exit IP is shown ?), so privacy is safe ?
>
> --
> Petrusko
> PubKey EBE23AE5
> C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] dns request capitalization, tor and unbound
> It shouldn't affect unbound's ability to cache anything. However, I
> personally think it is inappropriate to run a DNS cache on an exit
> node, because that preserves a record on the exit node of what people
> are using it for.
>
> zw

Hey,
I'm not an Unbound expert, I think Unbound doesn't log any DNS queries...?
What I know is only statistics can be given with the command
"unbound-control stats", only numbers are shown.
In my unbound.conf, the only log config lines are :
logfile: "/var/log/unbound.log"
use-syslog: no

And this /var/log/unbound.log doesn't exist on my system...
Is there a way to see DNS queries made by users ?

For me, about privacy, it's not necessarily a problem about "knowing what
are doing your Tor users", because if it's not you, it will be your DNS
resolvers... As read before, a lot of Tor exits are using Google DNS :p (I
think it's lol about privacy!)
So the bad guy will know the DNS queries, but he doesn't know who has made
it (only exit IP is shown ?), so privacy is safe ?

--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5

Re: [tor-relays] dns request capitalization, tor and unbound
On Sun, Jul 03, 2016 at 09:51:43AM -0400, Zack Weinberg wrote:
> However, I personally think it is inappropriate to run a DNS cache on
> an exit node, because that preserves a record on the exit node of what
> people are using it for.

Are you concerned about the DNS cache logging to disk, or about its
in-memory data? I would assume the former can be fixed by disabling
logging.

Re: [tor-relays] dns request capitalization, tor and unbound
On 07/03/2016 03:51 PM, Zack Weinberg wrote:
> However, I personally think it is inappropriate to run a DNS cache
> on an exit node, because that preserves a record on the exit node
> of what people are using it for.

IMO both statements aren't correct.

--
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7

Re: [tor-relays] dns request capitalization, tor and unbound
On 03/07/16 at 15:51, Zack Weinberg wrote:
> On Sun, Jul 3, 2016 at 9:25 AM, ajs124 wrote:
>>
>> Afterwards, I noticed that most if not all the DNS request are randomly
>> capitalized.
>> Does this impact unbound's caching ability? My cache hit/miss ratio is
>> around 1/5.
>
> This is "0x20 encoding", see
> https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00
> https://isc.sans.edu/diary/Use+of+Mixed+Case+DNS+Queries/12418 and
> https://dyn.com/blog/use-of-bit-0x20-in-dns-labels/ . It makes it
> harder for a MITM to spoof DNS responses.
>
> It shouldn't affect unbound's ability to cache anything. However, I
> personally think it is inappropriate to run a DNS cache on an exit
> node, because that preserves a record on the exit node of what people
> are using it for.
>
> zw

Without a cache, every connection takes a second longer to open. Unless
you send all DNS requests to Google, but I don't think that's ideal
either. In-memory caching of DNS is simply needed for Tor to work
properly (and besides, Tor has its own DNS cache as well).

Tom

Re: [tor-relays] dns request capitalization, tor and unbound
On Sun, Jul 3, 2016 at 9:25 AM, ajs124 wrote:
>
> Afterwards, I noticed that most if not all the DNS request are randomly
> capitalized.
> Does this impact unbound's caching ability? My cache hit/miss ratio is around
> 1/5.

This is "0x20 encoding", see
https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00
https://isc.sans.edu/diary/Use+of+Mixed+Case+DNS+Queries/12418 and
https://dyn.com/blog/use-of-bit-0x20-in-dns-labels/ . It makes it
harder for a MITM to spoof DNS responses.

It shouldn't affect unbound's ability to cache anything. However, I
personally think it is inappropriate to run a DNS cache on an exit
node, because that preserves a record on the exit node of what people
are using it for.

zw

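The behaviour described in the reply above (randomized query case, case-insensitive caching), as an added example that is not part of the original thread and is not Tor or Unbound code. `ToyCache`, the sample name and the address are constructed stand-ins.

```python
import secrets

def encode_0x20(qname):
    """Flip bit 0x20 (ASCII case) of each letter at random; digits, '-' and '.' stay as-is."""
    return "".join(
        chr(ord(c) ^ 0x20) if c.isascii() and c.isalpha() and secrets.randbits(1) else c
        for c in qname
    )

def accept_response(sent_qname, echoed_qname):
    """Client-side check: the question section must echo the exact case that was sent."""
    return sent_qname == echoed_qname

def case_bits(qname):
    """Letters in the name = extra bits of entropy a forged reply would have to match."""
    return sum(c.isascii() and c.isalpha() for c in qname)

class ToyCache:
    """Stand-in for a caching resolver: lookups fold case, replies echo the query's case."""
    def __init__(self, zone):
        self.zone = zone              # constructed upstream data
        self.store = {}
        self.hits = self.misses = 0

    def resolve(self, qname):
        key = qname.lower()           # DNS names compare case-insensitively
        if key in self.store:
            self.hits += 1
        else:
            self.misses += 1
            self.store[key] = self.zone[key]
        return qname, self.store[key]  # (echoed question, answer)

def run_demo(name="www.example.com", queries=20):
    cache = ToyCache({name: "192.0.2.10"})  # constructed record (TEST-NET-1 address)
    accepted = 0
    for _ in range(queries):
        sent = encode_0x20(name)            # fresh random case on every query
        echoed, _addr = cache.resolve(sent)
        accepted += accept_response(sent, echoed)
    return cache.hits, cache.misses, accepted

if __name__ == "__main__":
    print(run_demo())                   # one miss, then hits despite differing case
    print(case_bits("www.example.com"))
```
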
[tor-relays] dns request capitalization, tor and unbound
Hey,

I recently started running my first two exit relays. Since it was
mentioned on the mailing list a while back and seemed like a reasonable
thing to do, I installed and configured unbound.

Afterwards, I noticed that most if not all the DNS requests are randomly
capitalized.
Does this impact unbound's caching ability? My cache hit/miss ratio is
around 1/5.

What is the reason for changing the capitalization?

Best regards
ajs124