On 08.10.17 20:48, Igor Mitrofanov wrote:
> Unbound's upstream requests can be intercepted and used in traffic correlation just like any other.
I thought I expressed myself clearly enough, but I'll try one more time. Unbound, or any other resolver, can either a) perform the recursive lookup or b) delegate the lookup. Case a) is preferable with regard to profiling because it does not involve additional third-party servers that have nothing to do with the query. Case b) involves third-party servers, so it offers more points where traffic can be analysed. Looking up host.somedomain.tld should, if no cached data is available, only involve one of the root zone servers, one server for the tld zone, and one server for the somedomain zone. It should not involve a resolver run by Google or other parties that have no business in knowing that my Tor node just looked up host.somedomain.tld.
> Yes, Unbound follows the recursive protocol and works with the hierarchy from the root DNS servers down, but your ISP can still observe your entire DNS activity.
I have explicitly stated "If the ISP hosting the Tor node has resolvers for their customers, these can be used as well, *since the ISP sees all outgoing traffic anyway*". Are you deliberately trying to misunderstand me?
-Ralph
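
The two cases from the message above, as an added `unbound.conf` sketch that is not part of the original e-mail. The loopback listener, the assumption that Tor runs on the same host, and the forwarder address 192.0.2.53 (a documentation-range placeholder) are all assumptions.

```conf
# unbound.conf (added example; all addresses are constructed placeholders)

server:
    # Answer only the local Tor process (assumed to run on this host).
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Case a) full recursion.
    # With no forward-zone for "." defined, Unbound resolves by itself:
    # one root server, one server for the TLD zone, one server for the
    # domain's zone. No third-party resolver sees the query.

    # Assumption beyond the message: send each level only the labels it
    # needs, so root and TLD servers do not receive the full host name.
    qname-minimisation: yes

# Case b) delegation.
# A forward-zone for "." hands every uncached lookup to the listed
# resolver, which then sees each name the node looks up. Left commented
# out so that case a) stays in effect.
#
# forward-zone:
#     name: "."
#     forward-addr: 192.0.2.53
```

Running `unbound-checkconf` against the file validates the syntax before a reload.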