Re: [tor-relays] Fast Exit Node Operators - ISP in US

On Sat, 22 Nov 2014 21:48:21 -0800, Chuck Peters cp@axs.org wrote:

I'm not a fan of OpenNIC because they were, and probably still are, running open resolvers. That means the servers are wide open to be used for reflection attacks, cache poisening and likely numerous other attacks. And they didn't support DNSSEC. And if they aren't logging anything, how do they stop the attacks?

Was not aware of the open resolver attack vector issues with OpenNIC. Could they be stopped by rate limiting?

Does a project exist that supports encryption and pooling the recursive queries, and DNSSEC, other than OpenDNS?

Don't know off-hand but maybe DNSchain is worth a look? http://okturtles.com/