Thanks for sharing this.

But I'm not sure how Unbound is "speaking" with the root DNS servers...
Somewhere I've read that DNS queries can be forwarded by a "man in the
middle", and the server operator can't be sure about this :s
An ISP is able to do it with your "private server" hosted behind your
ISP's router...

I see DNSSEC as a way to encrypt DNS queries from a client to a server, but
for sure it's not possible to use it with the root DNS servers...

On 16/10/2016 22:02, Tristan wrote:
> TL;DR, if I understand how Tor relays work, Unbound (or any local DNS
> server) should see a request for <>
> coming from localhost or It answers the request, stores it
> in cache just in case, rinse and repeat. The machine running the exit
> relay is the one that makes the DNS request, so the only thing you'd
> get from looking at the DNS cache would be a "Top 100 Websites This
> Tor Relay Visits" sort of list.
> From what I could find, a DNS cache contains the hostname and its
> associated IP address, nothing more. From what I understand, even if a
> DNS cache saved the source of the request, it should save ""
> or "localhost" as the source, since exit nodes are the source of the
> request, and simply forward the response back to the client.
> I couldn't find anything specific about Unbound, but it seems like
> there isn't a proper way to read the DNS cache anyway unless you can
> somehow decode the binary file. I suppose if you know the specific
> cache file, you could copy it to a different machine with Unbound
> installed, and possibly extract data from that, but this theory
> assumes the cache is saved to the hard drive, and it's probably only
> stored in RAM.

PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5


tor-relays mailing list
