[tor-relays] DNS Server

dns1983 at riseup.net
Wed Jan 23 10:23:50 UTC 2019


Of course. But, as far as I know, you can host multiple domains on the 
same IP. So, in such a case, if you only know the IP, you can't tell what 
domain I visit.

It's just that I don't understand why the public DNS providers claim to 
improve privacy.

On 23/01/19 09:01, Rose wrote:
> Adversaries can already see what IP addresses you are connecting to.
> Even though they can't see your DNS queries, they can easily just do a
> reverse DNS on the IP addresses you connect to, to find out what you
> were doing.
>
> On 23/01/19 2:32 PM, dns1983 at riseup.net wrote:
>> In the threat model that I worry about, DNS is part of the problem. If
>> a malicious entity can put together DNS data with other big data, it can
>> increase its power and become a more dangerous threat.
>>
>> But as I said, I lack many networking notions.
>>
>> Anyway, I find the solutions you proposed to me very satisfying. Thank
>> you very much.
>>
>> Cheers
>>
>> Ale
>>
>> On 23/01/19 00:42, eric gisse wrote:
>>> This is what I do:
>>>
>>> My tor exit node runs on its own, but I have a full caching bind
>>> server on a different VM. This services some domains I run, with ACLs
>>> to do regular DNS.
>>>
>>> I use the following DNS servers:
>>>
>>> 2606:4700:4700::1111 -- Cloudflare
>>> 2001:1608:10:25::1c04:b12f -- https://dns.watch/
>>> 2600::1 -- Sprint
>>>
>>> No individual DNS provider inspires me with amazing confidence,
>>> however the caching server turns my bind instance into a pretty
>>> solidly constructed one.
>>>
>>> 1) I don't really think v6 snooping/monitoring is "there yet". Thin
>>> gruel, but still.
>>> 2) DNS doesn't go out the same stack in the case of v4 requests and
>>> doesn't go out the same ip for v6. Sure, you can associate to within
>>> the same /64 but that's just more effort any attacker would have to
>>> do.
>>> 3) I cache a LOT.
>>>
>>> Check out these nameserver cache statistics:
>>>
>>> services /var/log/named # grep -i cache stats
>>> ++ Cache Statistics ++
>>> [View: internal (Cache: internal)]
>>>             251588520 cache hits
>>>                452018 cache misses
>>>              50306019 cache hits (from query)
>>>              63441802 cache misses (from query)
>>>
>>> I cache a LOT.
>>>
>>> Think of your threat model - what are you worried about? Is DNS really
>>> your concern?
>>>
>>> On Tue, Jan 22, 2019 at 2:53 AM <dns1983 at riseup.net> wrote:
>>>> Hello,
>>>>
>>>> I'm a student, so I lack many networking notions.
>>>>
>>>> Which are the most privacy reliable public DNS servers? I don't exactly know how to choose a third-party DNS server. I read that Cloudflare servers are audited by third parties, but I'm not sure that I can trust them. Do you think that audit is trustworthy?
>>>>
>>>> Thanks
>>>> --
>>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>>> _______________________________________________
>>>> tor-relays mailing list
>>>> tor-relays at lists.torproject.org
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
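
The nameserver cache statistics quoted in the thread can be read per view and per counter pair. The following is an added example, not code from any participant in the thread: it parses the "Cache Statistics" section of a BIND statistics dump and computes the hit ratio for the cache-lookup counters and for the "(from query)" counters separately. The sample text is the excerpt quoted above, and the names `parse_cache_stats` and `hit_ratio` are this example's own.

```python
import re

# Constructed sample: the excerpt quoted in the thread, in statistics-dump layout.
# Function and variable names below are hypothetical, chosen for this example.
SAMPLE = """\
++ Cache Statistics ++
[View: internal (Cache: internal)]
            251588520 cache hits
               452018 cache misses
             50306019 cache hits (from query)
             63441802 cache misses (from query)
"""

VIEW_RE = re.compile(r"^\[View:\s*([^\s\]]+)")
COUNTER_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")


def parse_cache_stats(text):
    """Return {view: {counter_name: value}} for the Cache Statistics section only."""
    views, current, in_cache = {}, None, False
    for line in text.splitlines():
        if line.startswith("++ "):  # section header: track whether we are in the cache section
            in_cache = line.strip() == "++ Cache Statistics ++"
            current = None
            continue
        if not in_cache:
            continue
        m = VIEW_RE.match(line)
        if m:  # counters that follow belong to this view
            current = views.setdefault(m.group(1), {})
            continue
        m = COUNTER_RE.match(line)
        if m and current is not None:
            current[m.group(2)] = int(m.group(1))
    return views


def hit_ratio(counters, suffix=""):
    """Hits / (hits + misses); suffix ' (from query)' selects the per-query counters."""
    hits = counters.get("cache hits" + suffix, 0)
    misses = counters.get("cache misses" + suffix, 0)
    total = hits + misses
    return hits / total if total else None


if __name__ == "__main__":
    for view, c in parse_cache_stats(SAMPLE).items():
        print(view, "cache lookups:  %.4f" % hit_ratio(c))
        print(view, "client queries: %.4f" % hit_ratio(c, " (from query)"))
```

Run against a full statistics file, the parser ignores counters in every other section and reports each view separately.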

