[tor-relays] DNS Server
eric gisse
jowr.pi at gmail.com
Tue Jan 22 23:42:31 UTC 2019
This is what I do:
My tor exit node runs on its own, but I have a full caching bind
server on a different VM. This services some domains I run, with ACLs
to do regular DNS.
I use the following DNS servers:
2606:4700:4700::1111 -- Cloudflare
2001:1608:10:25::1c04:b12f -- https://dns.watch/
2600::1 -- Sprint
No individual DNS provider inspires me with amazing confidence,
however the caching server turns my bind instance into a pretty
solidly constructed one.
1) I don't really think v6 snooping/monitoring is "there yet". Thin
gruel, but still.
2) DNS doesn't go out the same stack in the case of v4 requests and
doesn't go out the same ip for v6. Sure, you can associate to within
the same /64 but that's just more effort any attacker would have to
do.
3) I cache a LOT.
Check out these nameserver cache statistics:
services /var/log/named # grep -i cache stats
++ Cache Statistics ++
[View: internal (Cache: internal)]
251588520 cache hits
452018 cache misses
50306019 cache hits (from query)
63441802 cache misses (from query)
I cache a LOT.
Think of your threat model - what are you worried about? Is DNS really
your concern?
On Tue, Jan 22, 2019 at 2:53 AM <dns1983 at riseup.net> wrote:
>
> Hello,
>
> i'm a student, so I lack many networking notions.
>
> Which are the most privacy reliable public dns servers? I don't exactly know how choose a third part DNS server. I read that cloudfare servers are audited by third parties but I'm not sure that I can trust. do you think that audition is trustworthy?
>
> Thanks
> --
> Inviato dal mio dispositivo Android con K-9 Mail. Perdonate la brevità ._______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list