On August 7, 2017 20:07:05 UTC, Igor Mitrofanov <igor.n.mitrofanov at gmail.com> wrote:
The DNS issue is in the "long tail" - rare/unique websites are unlikely to be cached, yet they likely represent the most interesting targets. I do agree that running dnsmasq (or a similar caching resolver) is probably sufficient to make DNS attacks too unreliable to invest in.
I have an idea to improve the efficiency of this solution (DNS cache). My idea is to make more DNS queries than necessary, in order to hide the useful DNS queries among useless DNS queries.
What do you think about this ?
A basic implementation of that improvement would be a script run as a daemon that fetches the IP of a random domain name at a random time. The domain name being built from random characters or chosen from a list of valid (rarely visited) domain names. The average number of dummy DNS queries per day being equal to the number of useful DNS queries the exit node has to do per day (it doubles the DNS traffic). The list of valid (rarely visited) domain names needs to be changed over time (one entry at a time).
A more advanced implementation of that improvement is to only allow the exit node to perform DNS queries by bunch of three. Of the three queries, two are dummy and random, one is useful. The position of the useful query in the bunch (position 1, position 2, or position 3) is chosen randomly.