[tor-dev] DNSSEC

merc1984 at f-m.fm merc1984 at f-m.fm
Sat Aug 30 23:35:27 UTC 2014

Does anyone know why TOR does not use DNSSEC?  The only documentation I
found on the TORProject website for DNS does not actually explain how
DNS works on TOR.  I infer it must be TCP, as TOR can not do UDP, and I
imagine that relay nodes must be the resolvers in order to resolve
.onion domains.  But beyond that there is no information on how it

Seems to me that the lack of DNSSEC in TOR is a gigantic security hole.
(DNS cache poisoning)

http://www.fastmail.fm - Access your email from home and the web

More information about the tor-dev mailing list