[tor-relays] Fast Exit Node Operators - ISP in US
Chuck Peters
cp at axs.org
Sun Nov 23 05:48:21 UTC 2014
Seth said:
> On Sat, 22 Nov 2014 18:46:18 -0800, ZEROF <security at netmajstor.com> wrote:
>
> >I use servernames without logging from this this list
> >http://wiki.opennicproject.org/Tier2 (France).
> Great resource of logless DNS servers, I'm a big fan of OpenNIC.
I'm not a fan of OpenNIC because they were, and probably still are,
running open resolvers. That means the servers are wide open to be used
for reflection attacks, cache poisening and likely numerous other
attacks. And they didn't support DNSSEC. And if they aren't logging
anything, how do they stop the attacks?
http://www.opennicproject.org/ says "so at least you are not tracked
through your DNS requests." Saying it doesn't make it true. DNS wasn't
designed with privacy built in, so how can they actually do that?
> Have you bothered to encrypt DNS traffic by setting up
> dnscrypt-proxy or the like? These days it's something I include as
> standard.
Does a project exist that supports encryption and pooling the recursive
queries, and DNSSEC, other than OpenDNS?
Chuck
More information about the tor-relays
mailing list