[tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

Ralph Seichter m16+tor at monksofcool.net
Tue Sep 12 21:18:34 UTC 2017


On 12.09.17 23:00, jpmvtd261 at laposte.net wrote:

> An attacker can try to find what websites a Tor user has visited, by
> comparing:
> - the timing of Tor user home connection traffic and
> - the timing of DNS queries happening on DNS servers controlled by the attacker

I'm aware of that. With a caching resolver running on the exit node, the
only "DNS servers controlled by the attacker" would have to be upstream,
the ones required to resolve what the Tor client requested in the first
place. Your idea of query noise does not mitigate the risk of upstream
DNS servers being taken over or monitored by an attacker. I run redundant
DNS servers which host all of my domains (which are DNSSEC signed), and
caching resolvers on all my Tor nodes. That's tough to mess with.

The problem is that people don't always run their own exit-node based
resolvers, but forward to Google's infamous 8.8.8.8 et al. People should
at the very least check if their respective ISP runs caching resolvers,
which most do to reduce traffic.

-Ralph
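Two unbound resolver profiles for an exit node, added here as an illustration of the point above rather than taken from the thread: the first forwards everything to a public resolver, the second does local caching recursion with DNSSEC validation. Unbound as the resolver, the trust-anchor path, and the cache sizes are assumptions; pick one `server:` profile, not both.

```conf
# Added example (not from this thread): unbound "server:" profiles for a
# Tor exit. Paths and cache sizes are assumed; adjust for your host.

# --- Weak: every client lookup is forwarded to a third-party resolver,
# so that operator sees the full query stream the thread worries about.
server:
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4

# --- Hardened: full local recursion with caching and DNSSEC validation.
# Only the authoritative servers for a name see the query, repeat lookups
# are answered from cache, and the resolver is not reachable from outside.
server:
    interface: 127.0.0.1
    interface: ::1
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    access-control: 0.0.0.0/0 refuse      # never an open resolver
    do-ip6: yes
    hide-identity: yes
    hide-version: yes
    auto-trust-anchor-file: "/var/lib/unbound/root.key"   # assumed path
    harden-dnssec-stripped: yes
    harden-glue: yes
    qname-minimisation: yes               # send only the labels each server needs
    prefetch: yes                         # refresh popular entries before expiry
    msg-cache-size: 64m
    rrset-cache-size: 128m
    cache-min-ttl: 60
    use-caps-for-id: yes
    verbosity: 1
```

With the hardened profile, the host's resolv.conf (or the file named by Tor's ServerDNSResolvConfFile option) should list only `nameserver 127.0.0.1` so the exit never falls back to an external forwarder.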