On Mon, 25 Jul 2011, Jacob Appelbaum wrote:
I don't know about his config - but we plan that ttdnsd will ask Tor for
answers that Tor can answer - those answers are the most safe to use
over Tor. Then the other queries will go upstream and out to an upstream
server such as 8.8.8.8 or wherever.
ttdnsd is just a transport relay for dns over tcp with no real knowledge of
DNS(SEC). It would be much better to use a DNSSEC aware nameserver, so avoid
needing to rely on Tor Nodes or directory servers. Not to say the least about
trusting google(!!!) of all places with anonymity.
As far as I know, no one will ever add the first mode to unbound and the
second one is untested. That is why people use ttdnsd. If unbound
becomes Tor aware, I'd be happy to never use ttdnsd again. :)
I have no idea about what "first" and "second" mode you are talking about.
Paul
Try this unbound patch, and set unbound to use tcp only in unbound.conf
using do-udp:no and do-tcp:yes.
I've sent this to the tor people before, but they haven't gotten back to me
with test results. If we have positive results, we might be able to
convince Wouter to make the below patch a runtime option.
Yes, I haven't yet applied this patch to test it. It's in my queue.
All the best,
Jake