[tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound
spaceman
spaceman at antispaceman.com
Mon Dec 21 00:04:48 UTC 2015
Hi,
Although I cannot say how secure this configuration is, you can run this
kind of setup client side as well. So:
Bind --> DNSCrypt Proxy --> Tor --> DNSCrypt Compatible Server
The secret here is to force DNSCrypt to run over TCP only, which can then be
redirected through a Tor TransPort. This allows you to do several types of
queries that Tor's own DNS port cannot do (such as SRV for XMPP). Dual stackers
beware, as you will default to IPv6 if you use this setup. You will need to
block UDP port 443, as DNSCrypt proxy checks whether it is available, annoyingly
leaving you exposed.
Again, I cannot provide analysis as to whether this is secure, as DNSCrypt could
be sending personally identifiable information without my knowledge, as I
haven't read the source code for DNSCrypt.
Regards,
spaceman
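
The TCP redirection and UDP block described in the message above, as an added example that is not part of the original post or of the Tor or DNSCrypt projects. Assumptions: the proxy runs as a local account named `dnscrypt`, Tor's TransPort is 9040, the resolver port is 443, and the function name and modes are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: dnscrypt-proxy runs
# as the local account "dnscrypt" in TCP-only mode (--tcp-only in 1.x) and
# listens on 127.0.0.1 for BIND; torrc contains "TransPort 9040"; the DNSCrypt
# resolver is reached on port 443.
PROXY_USER="${PROXY_USER:-dnscrypt}"
TRANS_PORT="${TRANS_PORT:-9040}"
RESOLVER_PORT="${RESOLVER_PORT:-443}"
RUN="${RUN-echo}"   # dry run by default; call with RUN= (empty) as root to act

# op: -A add the rules, -C check they are present, -D remove them
dnscrypt_tor_rules() {
    op="$1"
    case "$op" in -A|-C|-D) ;; *) echo "op must be -A, -C or -D" >&2; return 2 ;; esac
    case "$TRANS_PORT$RESOLVER_PORT" in
        ''|*[!0-9]*) echo "ports must be numeric" >&2; return 2 ;;
    esac
    # New TCP connections from the proxy to the resolver are handed to Tor.
    $RUN iptables -t nat "$op" OUTPUT -p tcp --dport "$RESOLVER_PORT" \
        -m owner --uid-owner "$PROXY_USER" -j REDIRECT --to-ports "$TRANS_PORT" &&
    # The proxy's UDP probe on the same port is refused, so it cannot go direct.
    $RUN iptables "$op" OUTPUT -p udp --dport "$RESOLVER_PORT" \
        -m owner --uid-owner "$PROXY_USER" -j REJECT &&
    # Dual stack: the IPv4 REDIRECT never sees IPv6, so refuse the proxy's
    # non-loopback IPv6 traffic instead of letting it bypass Tor.
    $RUN ip6tables "$op" OUTPUT ! -o lo -m owner --uid-owner "$PROXY_USER" -j REJECT
}

case "${1:-}" in
    show)  RUN=echo dnscrypt_tor_rules -A ;;
    apply) RUN= dnscrypt_tor_rules -A ;;
    check) RUN= dnscrypt_tor_rules -C && echo "all three rules present" ;;
esac
```

Run it with `show` to print the rules, `apply` as root to install them, and `check` afterwards to confirm none of the three has been flushed.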