On 8 Oct 2017, at 16:24, Ralph Seichter <[email protected]> wrote:
>> who is aware of the query is not all that matters ; the apparent
>> origin of the query also matters, depending of the position of the
>> attacker.
>
> Sure, but keep in mind: Even if an attacker could gain access to all
> root zone servers, he could not see the necessary follow-up queries on
> TLD level (e.g. country domains, or .com, .net, etc.) and beyond. If I
> looked up host.somedomain.fr, a root zone snoop might show my interest
> in a French domain, but nothing else.
This is only true if your resolver implements QNAME minimisation:
https://tools.ietf.org/html/rfc7816
> Currently, when a resolver receives the query "What is the AAAA record for
> www.example.com?", it sends to the root (assuming a cold resolver, whose
> cache is empty) the very same question. Sending the full QNAME to the
> authoritative name server is a tradition, not a protocol requirement.
Does the version of the recursive resolver you're using
do this?
Or does it send only the minimal name required?
T
_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
