Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Scott Bennett
Igor Mitrofanov wrote: > If it's important enough to do on a single relay, it's important > enough to do it across the entire network. I bet there are, and will > always be, plenty of exit node operators not reading this email list, > or not planning to do anything,

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Igor Mitrofanov
If it's important enough to do on a single relay, it's important enough to do it across the entire network. I bet there are, and will always be, plenty of exit node operators not reading this email list, or not planning to do anything, or not configuring everything properly, etc. On Tue, Sep 12,

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Scott Bennett
Ralph Seichter wrote: > On 12.09.17 23:43, Roman Mamedov wrote: > > > > I take it you're being ironic? > > > > Guess I failed at doing that well, if you had to clarify. (Or maybe > > you didn't read my entire message.) > > I did read it. Just the pitfalls of non-verbal

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Ralph Seichter
On 12.09.17 23:43, Roman Mamedov wrote: > > I take it you're being ironic? > > Guess I failed at doing that well, if you had to clarify. (Or maybe > you didn't read my entire message.) I did read it. Just the pitfalls of non-verbal communication, and I'm also not a native English speaker. ;-) >

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Roman Mamedov
On Tue, 12 Sep 2017 23:28:35 +0200 Ralph Seichter wrote: > On 12.09.17 23:06, Roman Mamedov wrote: > > > Too bad DNS servers are not something a regular person can own, so we > > have to be at mercy of those shady all-knowing uber-powerful Owners > > of the DNS Servers.

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Ralph Seichter
On 12.09.17 23:06, Roman Mamedov wrote: > Too bad DNS servers are not something a regular person can own, so we > have to be at mercy of those shady all-knowing uber-powerful Owners > of the DNS Servers. I take it you're being ironic? These days, if you want to get serious about controlling your

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Ralph Seichter
On 12.09.17 23:00, jpmvtd...@laposte.net wrote: > An attacker can try to find what websites a Tor user has visited, by > comparing : > - the timing of Tor user home connection traffic and > - the timing of DNS queries happening on DNS servers controlled by the > attacker I'm aware of that. With

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Roman Mamedov
On Tue, 12 Sep 2017 13:43:35 -0700 "Igor Mitrofanov" wrote: > Alternatively, the Tor community could run our own DNS servers, and every > exit node would use those by default. On Tue, 12 Sep 2017 22:11:23 +0200 (CEST) jpmvtd...@laposte.net wrote: > from the owner

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread jpmvtd261
On 12/09/2017 20:25, Ralph Seichter wrote: > I'm not certain what you consider a "DNS attack". > > Many exit node operators run a caching DNS resolver on their exits, > which is easily done. Lacking that, you can use the resolvers run by > your ISP, who can monitor all outbound traffic anyway, as

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Ralph Seichter
On 12.09.17 22:43, Igor Mitrofanov wrote: > Every Tor relay can have a simple resolver built-in, and/or perhaps > all Tor relays could be running a DHT-style global DNS cache. "Simple resolver" won't do, IMO. It must be robust and fully DNSSEC capable, which means reinventing the wheel. There is

Re: [tor-relays] Email suggesting to send DNS requests to a specific open DNS

2017-09-12 Thread Toralf Förster
FWIW https://nymity.ch/tor-dns/ -- Toralf PGP C4EACDDE 0076E94E

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Igor Mitrofanov
I wonder if these are all half-measures, and Tor needs a first-class solution to the DNS weakness. Every Tor relay can have a simple resolver built-in, and/or perhaps all Tor relays could be running a DHT-style global DNS cache. In case of a cache miss, the exit relay could build a circuit to

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Ralph Seichter
On 12.09.17 22:11, jpmvtd...@laposte.net wrote: > My idea is designed to protect the exit node against a DNS attack from > the owner of the DNS server. Not from the ISP or an attacker monitoring > the traffic going in and out of the ISP data center. I'm not certain what you consider a "DNS

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Ralph Seichter
On 12.09.17 21:17, jpmvtd...@laposte.net wrote: > My idea is to make more DNS queries than necessary, in order to hide > the useful DNS queries among useless DNS queries. I'm not sure what you are trying to accomplish. Usually, a DNS query is followed by an outbound connection to the returned IP

Re: [tor-relays] >18k 'Machiavelli' bridges added since 2017-09-02 (>4k currently running = 64% of bridges)

2017-09-12 Thread isis agora lovecruft
Andrea transcribed 1.2K bytes: > On 07/09/2017 02:16, nusenu wrote: > > Hi, > > > > do you know anything about >18k Machiavelli named bridges that have been > > added in the last few days? (>4k currently running) > > Hi, > > I started a relay node called "Machiavelli" about 1 year ago, and I

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread jpmvtd261
On August 7, 2017 20:07:05 UTC, Igor Mitrofanov wrote: > The DNS issue is in the "long tail" - rare/unique websites > are unlikely to be cached, yet they likely represent the > most interesting targets. > I do agree that running dnsmasq (or a similar caching resolver) is probably > sufficient to

Re: [tor-relays] Email suggesting to send DNS requests to a specific open DNS

2017-09-12 Thread Tyler Johnson
This guy sure is persistent! Check out this recent thread: https://lists.torproject.org/pipermail/tor-relays/2017-September/012934.html On Sep 12, 2017 11:17, wrote: > Hello, > > Recently, I installed a new Tor exit node. A few days later, I received an > email on the

Re: [tor-relays] Would you also like to have family-level atlas pages?

2017-09-12 Thread Iain R. Learmonth
Hi All, This is clearly something that operators want. > https://nos-oignons.net/Services/index.en.html This looks like a great idea. I can't promise immediate progress on this, but I'll file a trac ticket shortly and hopefully progress can be made soon. Thanks, Iain.