adversaries can already see what IP addresses you are connecting to. Even though they can't see your DNS queries, they can easily just do a reverse DNS on the IP addresses you connect to, to find out what you were doing.

On 23/01/19 2:32 PM, [email protected] wrote:
> In the threat model that I worry about, DNS is part of the problem. If
> a malicious entity can put together DNS data with other big data, it can
> increase its power and become a more dangerous threat.
>
> But as I said, I lack many networking notions.
>
> Anyway I find very satisfying the solutions you proposed to me. Thank
> you very much.
>
> Cheers
>
> Ale
>
> On 23/01/19 00:42, eric gisse wrote:
>> This is what I do:
>>
>> My tor exit node runs on its own, but I have a full caching bind
>> server on a different VM. This services some domains I run, with ACLs
>> to do regular DNS.
>>
>> I use the following DNS servers:
>>
>> 2606:4700:4700::1111 -- Cloudflare
>> 2001:1608:10:25::1c04:b12f -- https://dns.watch/
>> 2600::1 -- Sprint
>>
>> No individual DNS provider inspires me with amazing confidence,
>> however the caching server turns my bind instance into a pretty
>> solidly constructed one.
>>
>> 1) I don't really think v6 snooping/monitoring is "there yet". Thin
>> gruel, but still.
>> 2) DNS doesn't go out the same stack in the case of v4 requests and
>> doesn't go out the same ip for v6. Sure, you can associate to within
>> the same /64 but that's just more effort any attacker would have to
>> do.
>> 3) I cache a LOT.
>>
>> Check out these nameserver cache statistics:
>>
>> services /var/log/named # grep -i cache stats
>> ++ Cache Statistics ++
>> [View: internal (Cache: internal)]
>> 251588520 cache hits
>> 452018 cache misses
>> 50306019 cache hits (from query)
>> 63441802 cache misses (from query)
>>
>> I cache a LOT.
>>
>> Think of your threat model - what are you worried about? Is DNS really
>> your concern?
>>
>> On Tue, Jan 22, 2019 at 2:53 AM <[email protected]> wrote:
>>> Hello,
>>>
>>> I'm a student, so I lack many networking notions.
>>>
>>> Which are the most privacy reliable public dns servers? I don't exactly
>>> know how to choose a third-party DNS server. I read that Cloudflare servers are
>>> audited by third parties but I'm not sure that I can trust. Do you think
>>> that audit is trustworthy?
>>>
>>> Thanks
>>> --
>>> Sent from my Android device with K-9 Mail. Please excuse the
>>> brevity.
>>> _______________________________________________
>>> tor-relays mailing list
>>> [email protected]
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
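
An added example, not part of the original thread: a small parser for the BIND cache statistics excerpt quoted above, computing the hit ratio per view so the share of lookups that miss the cache (and so can leave the resolver toward upstream servers) is visible. The sample text is reconstructed from the figures in the thread; the function names and the `lookup_`/`query_` key names are this example's own.

```python
import re

# Constructed sample: the counters quoted in the thread, laid out as
# `grep -i cache` over a BIND statistics file would print them.
SAMPLE = """\
++ Cache Statistics ++
[View: internal (Cache: internal)]
           251588520 cache hits
              452018 cache misses
            50306019 cache hits (from query)
            63441802 cache misses (from query)
"""

VIEW_RE = re.compile(r"^\[View:\s*(\S+)")
COUNTER_RE = re.compile(r"^\s*(\d+)\s+cache (hits|misses)( \(from query\))?\s*$")


def parse_cache_stats(text):
    """Return {view: {counter_name: value}} for the cache counters in text."""
    views, current = {}, None
    for line in text.splitlines():
        m = VIEW_RE.match(line.strip())
        if m:
            current = views.setdefault(m.group(1), {})
            continue
        m = COUNTER_RE.match(line)
        if m and current is not None:
            # "(from query)" counters are kept apart from the plain ones.
            key = ("query_" if m.group(3) else "lookup_") + m.group(2)
            current[key] = int(m.group(1))  # a later dump overwrites an earlier one
    return views


def hit_ratio(counters, kind):
    """Fraction of hits for kind 'lookup' or 'query'; None when no data."""
    hits = counters.get(kind + "_hits", 0)
    misses = counters.get(kind + "_misses", 0)
    total = hits + misses
    return hits / total if total else None


if __name__ == "__main__":
    for view, counters in parse_cache_stats(SAMPLE).items():
        for kind in ("lookup", "query"):
            ratio = hit_ratio(counters, kind)
            shown = "n/a" if ratio is None else f"{ratio:.2%}"
            print(f"{view:10s} {kind:6s} hit ratio: {shown}")
```

On the quoted figures the plain counters give a hit ratio of about 99.8%, while the "(from query)" counters give about 44%.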
