Unless configured otherwise, Dnsmasq chooses a server from the list randomly, so the more servers the operator specifies in dnsmasq.conf, the less traffic each server gets. This increases the diversity of DNS requests, complicating traffic analysis for any adversary that controls some, but not all, links between the host and the DNS servers.
With a large-enough cache and sufficient uptime, dnsmasq effectively becomes a mini DNS server that stores IP addresses for the vast majority of sites that Tor users ever visit. With little to no outgoing DNS traffic from the host, DNS-assisted correlation ("DefecTor") becomes impractical for anyone, including the hosting provider. Combined with the very low resource utilization of dnsmasq, running it on an Exit node improves anonymity for the majority of Tor users at almost zero cost. The only scenario where a cache does not help is resolving rare hostnames that nobody has visited yet, but even in this case, with multiple upstream DNS servers, only an adversary controlling the AS is guaranteed to intercept the request.
I have not seen any research papers that would indicate that the cost of running a full DNS server on an Exit relay is worthwhile and that it improves anonymity substantially more compared to a lightweight cache resolver. If you know of any, please share, and I'll be happy to change my mind.
- Igor
On Sun, Oct 8, 2017 at 1:03 AM, Ralph Seichter <m16+tor@monksofcool.net> wrote:
> On 08.10.17 09:47, Toralf Förster wrote:
>> IMO there's absolutely no advantage of using external DNS servers.
> "No advantage" is putting it too mildly. Manually specifying upstream servers runs contrary to the very reason to have a resolver on the Tor node in the first place, which is to only involve the necessary minimum set of servers for each query.
> -Ralph
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
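For reference, here is what the caching-forwarder setup Igor describes looks like in practice. This is an added example, not a config posted by anyone in the thread: a dnsmasq.conf for a loopback-only cache on an exit relay, with several upstreams and a large cache. The three upstream addresses are placeholders from the IETF documentation ranges and must be replaced; the cache size is an assumption (the dnsmasq default is 150 names). One caveat on the "random" claim above: the dnsmasq manual describes the default as sending each query to one upstream while favouring servers known to be up, rather than a uniform random pick per query, so the per-server share is not as even as "randomly" suggests.

```conf
# /etc/dnsmasq.conf for a Tor exit relay (added example, not from the thread).
# Upstream addresses are placeholders (RFC 5737 documentation ranges):
# replace them with the resolvers you actually want to use.

# Answer only on loopback: the only client of this resolver is Tor itself.
listen-address=127.0.0.1
bind-interfaces

# Do not read /etc/resolv.conf for upstreams (it will point at 127.0.0.1,
# which would make dnsmasq forward to itself). Use this list instead.
no-resolv
server=192.0.2.53
server=198.51.100.53
server=203.0.113.53

# Leave both of these commented out. 'strict-order' always tries the first
# server in the list, 'all-servers' sends every query to every upstream;
# either one defeats the goal of spreading queries across upstreams.
#strict-order
#all-servers

# Large cache so that repeated lookups never leave the host.
# Default is 150 names; 10000 is an assumed value, tune to the relay's RAM.
cache-size=10000

# Negative answers (NXDOMAIN) are cached by default; keep it that way so
# repeated lookups of non-existent names also stay local.
#no-negcache

# Never enable query logging on an exit relay: a log of resolved names is
# exactly the correlation data the caching is meant to deny an observer.
#log-queries

# Companion settings outside this file:
#   /etc/resolv.conf on the relay:   nameserver 127.0.0.1
#   torrc (this is Tor's default and only shown for completeness):
#     ServerDNSResolvConfFile /etc/resolv.conf
```

Check the file with `dnsmasq --test` before restarting the service. To confirm the cache is doing its job, run `dig @127.0.0.1 example.com` twice: the second answer should come back with a query time of 0 msec and a decreasing TTL, showing it was served locally without an upstream request.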