On 03/07/16 at 15:51, Zack Weinberg wrote:
On Sun, Jul 3, 2016 at 9:25 AM, ajs124 tor@ajs124.de wrote:
Afterwards, I noticed that most if not all the DNS requests are randomly capitalized. Does this impact unbound's caching ability? My cache hit/miss ratio is around 1/5.
This is "0x20 encoding", see https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 https://isc.sans.edu/diary/Use+of+Mixed+Case+DNS+Queries/12418 and https://dyn.com/blog/use-of-bit-0x20-in-dns-labels/ . It makes it harder for a MITM to spoof DNS responses.
It shouldn't affect unbound's ability to cache anything. However, I personally think it is inappropriate to run a DNS cache on an exit node, because that preserves a record on the exit node of what people are using it for.
zw
Without a cache, every connection takes a second longer to open. Unless you send all DNS requests to Google, but I don't think that's ideal either.
In-memory caching of DNS is simply needed for Tor to work properly (and besides, Tor has its own DNS cache as well).
Tom
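
The 0x20 behaviour discussed in this thread, as an added example that is not part of the original messages and is not unbound's or Tor's code: a toy resolver randomizes query-name case, accepts a response only if the question is echoed with identical case, and keys its cache on the case-folded name, so mixed-case queries still hit the cache. ToyResolver, the upstream callables and the addresses are hypothetical and constructed for illustration.

```python
import random

def encode_0x20(name, rng):
    """Randomize the case of every ASCII letter in a query name."""
    return "".join(
        (c.upper() if rng.getrandbits(1) else c.lower())
        if c.isascii() and c.isalpha() else c
        for c in name
    )

def cache_key(name, qtype):
    """DNS names compare case-insensitively, so the key is case-folded."""
    return (name.lower().rstrip("."), qtype)

class ToyResolver:
    """Hypothetical model. upstream(qname, qtype) -> (echoed_qname, answer)."""
    def __init__(self, upstream, rng=None):
        self.upstream = upstream
        self.rng = rng or random.SystemRandom()
        self.cache = {}
        self.hits = self.misses = self.rejected = 0

    def resolve(self, name, qtype="A"):
        key = cache_key(name, qtype)
        if key in self.cache:            # case of the incoming name is irrelevant
            self.hits += 1
            return self.cache[key]
        self.misses += 1
        sent = encode_0x20(name, self.rng)
        echoed, answer = self.upstream(sent, qtype)
        if echoed != sent:               # case mismatch: treat as spoofed, do not cache
            self.rejected += 1
            return None
        self.cache[key] = answer
        return answer

if __name__ == "__main__":
    # Constructed upstreams: one echoes the question as sent, one guesses lowercase.
    honest = lambda q, t: (q, "192.0.2.10")
    blind = lambda q, t: ("www.example.com", "203.0.113.66")
    r = ToyResolver(honest)
    for n in ("www.example.com", "WWW.Example.COM", "wWw.eXaMpLe.CoM"):
        r.resolve(n)
    print("honest upstream: hits=%d misses=%d" % (r.hits, r.misses))
    s = ToyResolver(blind)
    s.resolve("www.example.com")
    print("blind spoofer:   rejected=%d cached=%d" % (s.rejected, len(s.cache)))
```
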