Thanks for this share.
But I'm not sure how Unbound is "speaking" with the root DNS servers... Somewhere I've read that DNS queries can be forwarded by a "man in the middle", and the server operator can't be sure about this :s An ISP is able to do it with your "private server" hosted behind your ISP's router...
I see DNSSEC to encrypt DNS queries from a client to a server, but for sure it's not possible to use it with root DNS servers...
16/10/2016 22:02, Tristan:
TL;DR, if I understand how Tor relays work, Unbound (or any local DNS server) should see a request for example.com coming from localhost or 127.0.0.1. It answers the request, stores it in cache just in case, rinse and repeat. The machine running the exit relay is the one that makes the DNS request, so the only thing you'd get from looking at the DNS cache would be a "Top 100 Websites This Tor Relay Visits" sort of list.
From what I could find, a DNS cache contains the hostname and its associated IP address, nothing more. From what I understand, even if a DNS cache saved the source of the request, it should save "127.0.0.1" or "localhost" as the source, since exit nodes are the source of the request, and simply forward the response back to the client.
I couldn't find anything specific about Unbound, but it seems like there isn't a proper way to read the DNS cache anyway unless you can somehow decode the binary file. I suppose if you know the specific cache file, you could copy it to a different machine with Unbound installed, and possibly extract data from that, but this theory assumes the cache is saved to the hard drive, and it's probably only stored in RAM.