Igor Mitrofanov wrote:
> If it's important enough to do on a single relay, it's important
> enough to do it across the entire network. I bet there are, and will
> always be, plenty of exit node operators not reading this email list,
> or not planning to do anything,
If it's important enough to do on a single relay, it's important
enough to do it across the entire network. I bet there are, and will
always be, plenty of exit node operators not reading this email list,
or not planning to do anything, or not configuring everything
properly, etc.
On Tue, Sep 12,
Ralph Seichter wrote:
> On 12.09.17 23:43, Roman Mamedov wrote:
>
> > > I take it you're being ironic?
> >
> > Guess I failed at doing that well, if you had to clarify. (Or maybe
> > you didn't read my entire message.)
>
> I did read it. Just the pitfalls of non-verbal
On 12.09.17 23:43, Roman Mamedov wrote:
> > I take it you're being ironic?
>
> Guess I failed at doing that well, if you had to clarify. (Or maybe
> you didn't read my entire message.)
I did read it. Just the pitfalls of non-verbal communication, and I'm
also not a native English speaker. ;-)
>
On Tue, 12 Sep 2017 23:28:35 +0200
Ralph Seichter wrote:
> On 12.09.17 23:06, Roman Mamedov wrote:
>
> > Too bad DNS servers are not something a regular person can own, so we
> > have to be at mercy of those shady all-knowing uber-powerful Owners
> > of the DNS Servers.
On 12.09.17 23:06, Roman Mamedov wrote:
> Too bad DNS servers are not something a regular person can own, so we
> have to be at mercy of those shady all-knowing uber-powerful Owners
> of the DNS Servers.
I take it you're being ironic? These days, if you want to get serious
about controlling your
On 12.09.17 23:00, jpmvtd...@laposte.net wrote:
> An attacker can try to find what websites a Tor user has visited, by
> comparing :
> - the timing of Tor user home connection traffic and
> - the timing of DNS queries happening on DNS servers controlled by the
> attacker
I'm aware of that. With
On Tue, 12 Sep 2017 13:43:35 -0700
"Igor Mitrofanov" wrote:
> Alternatively, the Tor community could run our own DNS servers, and every
> exit node would use those by default.
On Tue, 12 Sep 2017 22:11:23 +0200 (CEST)
jpmvtd...@laposte.net wrote:
> from the owner
On 12/09/2017 20:25, Ralph Seichter wrote:
> I'm not certain what you consider a "DNS attack".
>
> Many exit node operators run a caching DNS resolver on their exits,
> which is easily done. Lacking that, you can use the resolvers run by
> your ISP, who can monitor all outbound traffic anyway, as
On 12.09.17 22:43, Igor Mitrofanov wrote:
> Every Tor relay can have a simple resolver built-in, and/or perhaps
> all Tor relays could be running a DHT-style global DNS cache.
"Simple resolver" won't do, IMO. It must be robust and fully DNSSEC
capable, which means reinventing the wheel. There is
@lists.torproject.org
Subject: Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
On 12.09.17 22:11, jpmvtd...@laposte.net wrote:
> My idea is designed to protect the exit node against a DNS attack from
> the owner of the DNS server. Not from the ISP or an attacker
> m
On 12.09.17 22:11, jpmvtd...@laposte.net wrote:
> My idea is designed to protect the exit node against a DNS attack from
> the owner of the DNS server. Not from the ISP or an attacker monitoring
> the traffic going in and out of the ISP data center.
I'm not certain what you consider a "DNS
On 12.09.17 21:17, jpmvtd...@laposte.net wrote:
> My idea is to make more DNS queries than necessary, in order to hide
> the useful DNS queries among useless DNS queries.
I'm not sure what you are trying to accomplish. Usually, a DNS query is
followed by an outbound connection to the returned IP
On August 7, 2017 20:07:05 UTC, Igor Mitrofanov wrote:
> The DNS issue is in the "long tail" - rare/unique websites
> are unlikely to be cached, yet they likely represent the
> most interesting targets.
> I do agree that running dnsmasq (or a similar caching resolver) is probably
> sufficient to
TO: Simple DNS resolver for tor exit operators
...and what is dnscrypt supposed to do for a relay? where are the DNS queries
themselves supposed to come out?
i'm yet to hear why a big caching nameserver is insufficient. i'm doing 30mb/s
on an exit node. here's my rndc stats:
[View
...and what is dnscrypt supposed to do for a relay? where are the DNS
queries themselves supposed to come out?
i'm yet to hear why a big caching nameserver is insufficient. i'm
doing 30mb/s on an exit node. here's my rndc stats:
[View: internal]
86635983 IPv6 queries sent
I was wondering about how beneficial DNS Crypt or DNS Privacy would be
for relays. Is anyone using any kind of encryption for their DNS queries
on their relay?
https://networkfilter.blogspot.com/2017/04/be-your-own-vpn-provider-with-openbsd-v2.html#dns
shows how to set up multiple dnscrypt
On Sun, Aug 06, 2017 at 04:03:53PM -0400, Dennis Emory Hannon wrote:
> Guide is meant for debian/linux users
> http://backplanedns.org/TOR_exit_dns_resolver_howto.htm
I think the solution to Google seeing so many DNS requests is more
nuanced. A single organisation seeing that many request is
: Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators
On Sun, 6 Aug 2017 16:03:53 -0400
"Dennis Emory Hannon" <i...@backplanedns.org> wrote:
> I decided to make a quick starter guide to introduce using a local
> resolver for tor-exit node operators. I'd like t
On Sun, 6 Aug 2017 16:03:53 -0400
"Dennis Emory Hannon" wrote:
> I decided to make a quick starter guide to introduce using a local resolver
> for tor-exit node operators. I'd like to solicit some of your feedback on
> things that should be added or improved upon.
Hello friends,
I decided to make a quick starter guide to introduce using a local resolver
for tor-exit node operators. I'd like to solicit some of your feedback on
things that should be added or improved upon. Hopefully this will be a
living document - My goal is to help lower the amount of TOR
21 matches
Mail list logo