[tor-relays] dnsmasq configuration for an exit relay (Debian)

Ralph Seichter m16+tor at monksofcool.net
Sun Oct 8 19:03:23 UTC 2017


On 08.10.17 20:48, Igor Mitrofanov wrote:

> Unbound's upstream requests can be intercepted and used in traffic
> correlation just like any other.

I thought I expressed myself clearly enough, but I'll try one more time.
Unbound, or any other resolver, can either a) perform the recursive
lookup or b) delegate the lookup. Case a) is preferable in regards to
profiling because it does not involve additional third-party servers
that have nothing to do with the query. Case b) involves third-party
servers, so it offers more points where traffic can be analysed. Looking
up host.somedomain.tld should, if no cached data is available, only
involve one of the root zone servers, one server for the tld zone, and
one server for the somedomain zone. It should not involve a resolver run
by Google or other parties that have no business in knowing that my Tor
node just looked up host.somedomain.tld.

> Yes, Unbound follows the recursive protocol and works with the
> hierarchy from the root DNS servers down, but your ISP can still
> observe your entire DNS activity.

I have explicitly stated "If the ISP hosting the Tor node has resolvers
for their customers, these can be used as well, *since the ISP sees all
outgoing traffic anyway*". Are you deliberately trying to misunderstand
me?

-Ralph
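To make the case a) / case b) distinction above concrete, here is an added example (not from this thread or from the Unbound project) that audits an Unbound configuration: a config with no forward-zone lets Unbound walk the hierarchy itself (case a), while a catch-all forward-zone hands every query to a third-party resolver (case b). Both config texts are constructed samples; the parser only handles the subset of unbound.conf syntax needed here.

```python
"""Classify an Unbound config as recursive (case a) or forwarding (case b).

Added example, not code from the tor-relays thread. The two config strings
are constructed samples; the parser understands clause headers such as
`server:` / `forward-zone:` and `key: value` lines inside them.
"""
import re

# Constructed sample: no forward-zone, so Unbound performs the recursion
# itself, starting from the root hints (case a).
RECURSIVE_CONF = """
server:
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    root-hints: "/usr/share/dns/root.hints"
    prefetch: yes
"""

# Constructed sample: a forward-zone for "." sends every query to a public
# resolver (8.8.8.8 is Google's), adding an observer that has nothing to do
# with the query (case b).
FORWARDING_CONF = """
server:
    interface: 127.0.0.1
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
"""

def forward_zones(conf):
    """Return {zone name: [forward addresses]} for each forward-zone clause."""
    zones, clause, zone = {}, None, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments/whitespace
        m = re.fullmatch(r"([\w-]+):\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if value == "":                               # clause header line
            clause, zone = key, None
        elif clause == "forward-zone" and key == "name":
            zone = value
            zones.setdefault(zone, [])
        elif clause == "forward-zone" and key == "forward-addr" and zone:
            zones[zone].append(value)
    return zones

def resolver_mode(conf):
    """('recursive', []) for case a; ('forwarding', [addrs]) for case b."""
    zones = forward_zones(conf)
    if not zones:
        return "recursive", []
    return "forwarding", sorted({a for addrs in zones.values() for a in addrs})
```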
