Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Scott Bennett
Igor Mitrofanov wrote: > If it's important enough to do on a single relay, it's important > enough to do it across the entire network. I bet there are, and will > always be, plenty of exit node operators not reading this email list, > or not planning to do anything,

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Igor Mitrofanov
If it's important enough to do on a single relay, it's important enough to do it across the entire network. I bet there are, and will always be, plenty of exit node operators not reading this email list, or not planning to do anything, or not configuring everything properly, etc. On Tue, Sep 12,

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Scott Bennett
Ralph Seichter wrote: > On 12.09.17 23:43, Roman Mamedov wrote: > > > > I take it you're being ironic? > > > > Guess I failed at doing that well, if you had to clarify. (Or maybe > > you didn't read my entire message.) > > I did read it. Just the pitfalls of non-verbal

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Ralph Seichter
On 12.09.17 23:43, Roman Mamedov wrote: > > I take it you're being ironic? > > Guess I failed at doing that well, if you had to clarify. (Or maybe > you didn't read my entire message.) I did read it. Just the pitfalls of non-verbal communication, and I'm also not a native English speaker. ;-) >

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Roman Mamedov
On Tue, 12 Sep 2017 23:28:35 +0200 Ralph Seichter wrote: > On 12.09.17 23:06, Roman Mamedov wrote: > > > Too bad DNS servers are not something a regular person can own, so we > > have to be at mercy of those shady all-knowing uber-powerful Owners > > of the DNS Servers.

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Ralph Seichter
On 12.09.17 23:06, Roman Mamedov wrote: > Too bad DNS servers are not something a regular person can own, so we > have to be at mercy of those shady all-knowing uber-powerful Owners > of the DNS Servers. I take it you're being ironic? These days, if you want to get serious about controlling your

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Ralph Seichter
On 12.09.17 23:00, jpmvtd...@laposte.net wrote: > An attacker can try to find what websites a Tor user has visited, by > comparing : > - the timing of Tor user home connection traffic and > - the timing of DNS queries happening on DNS servers controlled by the > attacker I'm aware of that. With

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Roman Mamedov
On Tue, 12 Sep 2017 13:43:35 -0700 "Igor Mitrofanov" wrote: > Alternatively, the Tor community could run our own DNS servers, and every > exit node would use those by default. On Tue, 12 Sep 2017 22:11:23 +0200 (CEST) jpmvtd...@laposte.net wrote: > from the owner

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread jpmvtd261
On 12/09/2017 20:25, Ralph Seichter wrote: > I'm not certain what you consider a "DNS attack". > > Many exit node operators run a caching DNS resolver on their exits, > which is easily done. Lacking that, you can use the resolvers run by > your ISP, who can monitor all outbound traffic anyway, as

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Ralph Seichter
On 12.09.17 22:43, Igor Mitrofanov wrote: > Every Tor relay can have a simple resolver built-in, and/or perhaps > all Tor relays could be running a DHT-style global DNS cache. "Simple resolver" won't do, IMO. It must be robust and fully DNSSEC capable, which means reinventing the wheel. There is

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Igor Mitrofanov
On 12.09.17 22:11, jpmvtd...@laposte.net wrote: > My idea is designed to protect the exit node against a DNS attack from > the owner of the DNS server. Not from the ISP or an attacker > m

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Ralph Seichter
On 12.09.17 22:11, jpmvtd...@laposte.net wrote: > My idea is designed to protect the exit node against a DNS attack from > the owner of the DNS server. Not from the ISP or an attacker monitoring > the traffic going in and out of the ISP data center. I'm not certain what you consider a "DNS

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread Ralph Seichter
On 12.09.17 21:17, jpmvtd...@laposte.net wrote: > My idea is to make more DNS queries than necessary, in order to hide > the useful DNS queries among useless DNS queries. I'm not sure what you are trying to accomplish. Usually, a DNS query is followed by an outbound connection to the returned IP

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-09-12 Thread jpmvtd261
On August 7, 2017 20:07:05 UTC, Igor Mitrofanov wrote: > The DNS issue is in the "long tail" - rare/unique websites > are unlikely to be cached, yet they likely represent the > most interesting targets. > I do agree that running dnsmasq (or a similar caching resolver) is probably > sufficient to

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-08-07 Thread Igor Mitrofanov
...and what is dnscrypt supposed to do for a relay? where are the DNS queries themselves supposed to come out? i'm yet to hear why a big caching nameserver is insufficient. i'm doing 30mb/s on an exit node. here's my rndc stats: [View

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-08-07 Thread eric gisse
...and what is dnscrypt supposed to do for a relay? where are the DNS queries themselves supposed to come out? i'm yet to hear why a big caching nameserver is insufficient. i'm doing 30mb/s on an exit node. here's my rndc stats: [View: internal] 86635983 IPv6 queries sent

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-08-07 Thread Chuck McAndrew
I was wondering about how beneficial DNS Crypt or DNS Privacy would be for relays. Is anyone using any kind of encryption for their DNS queries on their relay? https://networkfilter.blogspot.com/2017/04/be-your-own-vpn-provider-with-openbsd-v2.html#dns shows how to set up multiple dnscrypt

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-08-06 Thread Philipp Winter
On Sun, Aug 06, 2017 at 04:03:53PM -0400, Dennis Emory Hannon wrote: > Guide is meant for debian/linux users > http://backplanedns.org/TOR_exit_dns_resolver_howto.htm I think the solution to Google seeing so many DNS requests is more nuanced. A single organisation seeing that many requests is

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-08-06 Thread Dennis Emory Hannon
On Sun, 6 Aug 2017 16:03:53 -0400 "Dennis Emory Hannon" <i...@backplanedns.org> wrote: > I decided to make a quick starter guide to introduce using a local > resolver for tor-exit node operators. I'd like t

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-08-06 Thread Roman Mamedov
On Sun, 6 Aug 2017 16:03:53 -0400 "Dennis Emory Hannon" wrote: > I decided to make a quick starter guide to introduce using a local resolver > for tor-exit node operators. I'd like to solicit some of your feedback on > things that should be added or improved upon.

[tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

2017-08-06 Thread Dennis Emory Hannon
Hello friends, I decided to make a quick starter guide to introduce using a local resolver for tor-exit node operators. I'd like to solicit some of your feedback on things that should be added or improved upon. Hopefully this will be a living document - My goal is to help lower the amount of TOR