On Jun 30, 2019, at 8:32 PM, Matt Westfall mwestfall@ecansol.com wrote:
Just set your exit relay DNS to 8.8.8.8 and 1.1.1.1. I mean, DNS traffic isn't bulk traffic; let Google and Cloudflare do the “work”.
Utilizing Google DNS (and possibly Cloudflare DNS) provides a significant security flaw that allows outside entities to determine what Tor network users are looking at. Utilizing your own DNS server, a trusted DNS server, or just running Unbound on the same instance is significantly more secure.
Google DNS keeps their logs…Cloudflare claims to wipe after 24 hours, but what’s not known is if there’s an open FISA, for example, to continuously turn over Tor originated DNS requests over that 24-hour period.
There are multiple Open Source Intelligence sources that have developed that governments are doing this exact thing to monitor Tor users, amongst other things. I would say this: a friend of mine who previously worked with the US IC says run Unbound or use trusted DNS.
Thanks,
Conrad Rockenhaus https://www.greyponyit.com/
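
An added example, not part of the original messages: one way a relay operator could check which of the two setups discussed above a host is using, by classifying the `nameserver` lines of a `resolv.conf`. The function names and sample inputs are constructed for illustration, and the secondary and IPv6 addresses of the two providers are added here beyond the two addresses named in the thread.

```python
import ipaddress

# Google and Cloudflare public resolver addresses. The thread names 8.8.8.8
# and 1.1.1.1; the secondary and IPv6 addresses are added for this example.
PUBLIC_RESOLVERS = {
    "8.8.8.8": "Google", "8.8.4.4": "Google",
    "2001:4860:4860::8888": "Google", "2001:4860:4860::8844": "Google",
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
    "2606:4700:4700::1111": "Cloudflare", "2606:4700:4700::1001": "Cloudflare",
}
_PUBLIC = {ipaddress.ip_address(a): n for a, n in PUBLIC_RESOLVERS.items()}

# Constructed sample inputs (not taken from any real relay).
SAMPLE_FORWARDED = "# constructed sample\nnameserver 8.8.8.8\nnameserver 1.1.1.1\n"
SAMPLE_LOCAL = "nameserver 127.0.0.1\nnameserver ::1\n"


def audit_resolv_conf(text):
    """Return [(address, verdict)] for every nameserver line in resolv.conf text."""
    findings = []
    for raw in text.splitlines():
        # Drop comments (# or ;) before splitting into fields.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr_text = fields[1].split("%", 1)[0]  # strip IPv6 zone id, e.g. %eth0
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((fields[1], "invalid"))
            continue
        if addr.is_loopback:
            verdict = "local"  # a resolver on this host, e.g. Unbound
        elif addr in _PUBLIC:
            verdict = "third-party:" + _PUBLIC[addr]
        else:
            verdict = "other"  # operator must decide whether it is trusted
        findings.append((str(addr), verdict))
    if not findings:
        # With no nameserver line, glibc queries the local machine.
        findings.append(("127.0.0.1", "local"))
    return findings


def leaks_to_third_party(text):
    """True if any configured resolver is a Google or Cloudflare public one."""
    return any(v.startswith("third-party:") for _, v in audit_resolv_conf(text))
```

A `local` verdict only shows that queries go to a resolver on the same host; if that resolver is itself configured to forward upstream, its forwarders need the same check.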