Of course. But, as far as I know, you can host multiple domains to the same ip. So, in such case, if you only know the ip you can't tell what domain I visit.
It's just that I don't understand why the public dns providers claim to improve privacy.
Il 23/01/19 09:01, Rose ha scritto:
adversaries can already see what IP addresses you are connecting to, even though they can't see your DNS queries, they can easily just do a reverse DNS on the IP addresses you connect to, to find out what you were doing.
On 23/01/19 2:32 PM, dns1983@riseup.net wrote:
In the threat model that I worry about, DNS are part of the problem. If a malicious entity can put together DNS data with other big data, It can increases its power and becomes a more dangerous threat.
But as I said, I lack many networking notions.
Anyway I find very satisfying the solutions you proposed to me. Thank you very much.
Cheers
Ale
Il 23/01/19 00:42, eric gisse ha scritto:
This is what I do:
My tor exit node runs on its own, but I have a full caching bind server on a different VM. This services some domains I run, with ACLs to do regular DNS.
I use the following DNS servers:
2606:4700:4700::1111 -- Cloudflare 2001:1608:10:25::1c04:b12f -- https://dns.watch/ 2600::1 -- Sprint
No individual DNS provider inspires me with amazing confidence, however the caching server turns my bind instance into a pretty solidly constructed one.
- I don't really think v6 snooping/monitoring is "there yet". Thin
gruel, but still. 2) DNS doesn't go out the same stack in the case of v4 requests and doesn't go out the same ip for v6. Sure, you can associate to within the same /64 but that's just more effort any attacker would have to do. 3) I cache a LOT.
Check out these nameserver cache statistics:
services /var/log/named # grep -i cache stats ++ Cache Statistics ++ [View: internal (Cache: internal)] 251588520 cache hits 452018 cache misses 50306019 cache hits (from query) 63441802 cache misses (from query)
I cache a LOT.
Think of your threat model - what are you worried about? Is DNS really your concern?
On Tue, Jan 22, 2019 at 2:53 AM dns1983@riseup.net wrote:
Hello,
i'm a student, so I lack many networking notions.
Which are the most privacy reliable public dns servers? I don't exactly know how choose a third part DNS server. I read that cloudfare servers are audited by third parties but I'm not sure that I can trust. do you think that audition is trustworthy?
Thanks
Inviato dal mio dispositivo Android con K-9 Mail. Perdonate la brevità._______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays