10 Jan
2015
10 Jan
'15
2:35 a.m.
On Fri, Jan 9, 2015 at 9:18 PM, cacahuatl cacahuatl@autistici.org wrote:
If you're caching exit traffic and a very naughty person uses your exit, you've potentially cached "evidence" (to be seized).
That logic applies equally to DNS; indeed, it is why the CMU Tor exit *doesn't* run a DNS cache.
(It talks to CMU's DNS servers, which do cache, but for the entire network.)
(If you can't trust your network provider's DNS resolver, the tradeoff may be different.)
zw