[tor-relays] DNS Server

dns1983 at riseup.net dns1983 at riseup.net
Wed Jan 23 06:32:59 UTC 2019


In the threat model that I worry about, DNS is part of the problem. If 
a malicious entity can put together DNS data with other big data, it can 
increase its power and become a more dangerous threat.

But as I said, I lack many networking notions.

Anyway, I find the solutions you proposed to me very satisfying. Thank 
you very much.

Cheers

Ale

On 23/01/19 00:42, eric gisse wrote:
> This is what I do:
>
> My tor exit node runs on its own, but I have a full caching bind
> server on a different VM. This services some domains I run, with ACLs
> to do regular DNS.
>
> I use the following DNS servers:
>
> 2606:4700:4700::1111 -- Cloudflare
> 2001:1608:10:25::1c04:b12f -- https://dns.watch/
> 2600::1 -- Sprint
>
> No individual DNS provider inspires me with amazing confidence,
> however the caching server turns my bind instance into a pretty
> solidly constructed one.
>
> 1) I don't really think v6 snooping/monitoring is "there yet". Thin
> gruel, but still.
> 2) DNS doesn't go out the same stack in the case of v4 requests and
> doesn't go out the same ip for v6. Sure, you can associate to within
> the same /64 but that's just more effort any attacker would have to
> do.
> 3) I cache a LOT.
>
> Check out these nameserver cache statistics:
>
> services /var/log/named # grep -i cache stats
> ++ Cache Statistics ++
> [View: internal (Cache: internal)]
>             251588520 cache hits
>                452018 cache misses
>              50306019 cache hits (from query)
>              63441802 cache misses (from query)
>
> I cache a LOT.
>
> Think of your threat model - what are you worried about? Is DNS really
> your concern?
>
> On Tue, Jan 22, 2019 at 2:53 AM <dns1983 at riseup.net> wrote:
>> Hello,
>>
>> I'm a student, so I lack many networking notions.
>>
>> Which are the most privacy-reliable public DNS servers? I don't exactly know how to choose a third-party DNS server. I read that Cloudflare servers are audited by third parties, but I'm not sure that I can trust them. Do you think that audit is trustworthy?
>>
>> Thanks
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
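
An added example, not part of the original thread: a small Python parser for the Cache Statistics section of a BIND statistics dump like the one grepped above, computing the hit ratio per view for both counter pairs, since misses are the lookups that had to leave the caching server. The sample embeds the counters quoted in the message; the second view, the `Cache DB RRsets` lines and the function names are constructed for illustration.

```python
import re

# Sample input: the counters quoted in the message above, laid out as in a
# named.stats dump. The "external" view and the RRsets section are constructed.
SAMPLE = """\
++ Cache Statistics ++
[View: internal (Cache: internal)]
           251588520 cache hits
              452018 cache misses
            50306019 cache hits (from query)
            63441802 cache misses (from query)
[View: external (Cache: external)]
                   0 cache hits
                   0 cache misses
++ Cache DB RRsets ++
[View: internal (Cache: internal)]
                1200 A
"""

SECTION = re.compile(r"^\+\+ (.+?) \+\+$")
VIEW = re.compile(r"^\[View: ([^\s\]]+)")
COUNTER = re.compile(r"^\s*(\d+) (.+)$")


def cache_counters(text):
    """Return {view: {label: count}} for the 'Cache Statistics' section only."""
    views, in_cache, current = {}, False, None
    for line in text.splitlines():
        line = line.rstrip()
        if m := SECTION.match(line):
            # Any other "++ ... ++" header ends the cache section.
            in_cache = m.group(1) == "Cache Statistics"
            current = None
        elif in_cache and (m := VIEW.match(line)):
            current = views.setdefault(m.group(1), {})
        elif in_cache and current is not None and (m := COUNTER.match(line)):
            current[m.group(2)] = int(m.group(1))
    return views


def hit_ratio(counters, suffix=""):
    """hits / (hits + misses); None when the view has recorded no lookups."""
    hits = counters.get("cache hits" + suffix, 0)
    misses = counters.get("cache misses" + suffix, 0)
    total = hits + misses
    return hits / total if total else None


if __name__ == "__main__":
    for view, c in cache_counters(SAMPLE).items():
        print(view, hit_ratio(c), hit_ratio(c, " (from query)"))
```

On the quoted numbers the plain counter pair gives a hit ratio of about 0.998, while the "(from query)" pair gives about 0.442.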

