[tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?
Petrusko
petrusko at riseup.net
Sun Oct 16 20:54:08 UTC 2016
Thx for this share.
But I'm not sure how Unbound is "speaking" with the roots DNS servers...
Somewhere I've read that DNS queries can be forwarded by a "man in the
middle", and the server operator can't be sure about this :s
An ISP is able to do it with your "private server" hosted behind your
ISP's router...
I see DNSsec to crypt DNS queries from a client to a server, but for
sure it's not possible to use it with roots DNS servers...
16/10/2016 22:02, Tristan :
> TL;DR, if I understand how Tor relays work, Unbound (or any local DNS
> server) should see a request for example.com <http://example.com>
> coming from localhost or 127.0.0.1. It answers the request, stores it
> in cache just in case, rinse and repeat. The machine running the exit
> relay is the one that makes the DNS request, so the only thing you'd
> get from looking at the DNS cache would be a "Top 100 Websites This
> Tor Relay Visits" sort of list.
>
> From what I could find, a DNS cache contains the hostname and its
> associated IP address, nothing more. From what I understand, even if a
> DNS cache saved the source of the request, it should save "127.0.0.1"
> or "localhost" as the source, since exit nodes are the source of the
> request, and simply forward the response back to the client.
>
> I couldn't find anything specific about Unbound, but it seems like
> there isn't a proper way to read the DNS cache anyway unless you can
> somehow decode the binary file. I suppose if you know the specific
> cache file, you could copy it to a different machine with Unbound
> installed, and possibly extract data from that, but this theory
> assumes the cache is saved to the hard drive, and it's probably only
> stored in RAM.
--
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20161016/56ba0cfc/attachment-0001.sig>
More information about the tor-relays
mailing list