On Sat, Jan 10, 2015 at 10:58 PM, Richard Johnson rdump@river.com wrote:
It is especially a good idea to have your own local DNS resolver if you run Tor exits at an institution that's required to otherwise log DNS queries.
Tor needs a separate (and non-logging) DNS resolution system to prevent the institution from being presumed aware of Tor users' lookups.
That this also protects Tor users from having their DNS queries logged is good as well, but that isn't necessarily the driver for the institution. ;)
Do not presume that pointing DNS locally prevents passive monitors anywhere along your network graph of clearnet hops from seeing your DNS queries there. And ultimately, exit IP can be observed and correlated from the roots down with increasing difficulty. That said, yes, local is still better, and often more performant, than pointing to a privacy joke like Google.
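
A defender-side check for the setup discussed in this thread, as an added example that is not from either poster: it audits a resolv.conf and an Unbound configuration for non-local nameservers, forwarding and query logging. Unbound is an assumption (the thread names no resolver software) and the sample files are constructed; the check covers only the local logging and forwarding points, not observers on the path.

```python
import ipaddress
import re

def audit_resolver(resolv_conf, unbound_conf):
    """Return findings for a host meant to use a local, non-logging resolver."""
    findings = []
    # Every nameserver the system uses must be a loopback address.
    servers = re.findall(r"^\s*nameserver\s+(\S+)", resolv_conf, re.M)
    if not servers:
        findings.append("resolv.conf: no nameserver configured")
    for addr in servers:
        try:
            local = ipaddress.ip_address(addr.split("%")[0]).is_loopback
        except ValueError:
            local = False
        if not local:
            findings.append(f"resolv.conf: nameserver {addr} is not loopback")
    opts = {}
    for raw in unbound_conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("forward-zone:"):
            findings.append("unbound.conf: forward-zone hands queries to another resolver")
        m = re.match(r"([\w-]+):\s*(\S+)", line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
    for key in ("log-queries", "log-replies"):
        if opts.get(key) == "yes":
            findings.append(f"unbound.conf: {key} is enabled")
    # Unbound's verbosity 3 and above prints per-query information.
    if int(opts.get("verbosity", "1")) >= 3:
        findings.append("unbound.conf: verbosity logs per-query detail")
    return findings

# Constructed sample files: a forwarding, logging setup and a local, quiet one.
WEAK_RESOLV = "nameserver 8.8.8.8\n"
WEAK_UNBOUND = """server:
    interface: 127.0.0.1
    log-queries: yes
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
"""
GOOD_RESOLV = "nameserver 127.0.0.1\n"
GOOD_UNBOUND = "server:\n    interface: 127.0.0.1\n    verbosity: 1\n    log-queries: no\n"

if __name__ == "__main__":
    for finding in audit_resolver(WEAK_RESOLV, WEAK_UNBOUND):
        print("WEAK:", finding)
    print("hardened findings:", audit_resolver(GOOD_RESOLV, GOOD_UNBOUND))
```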