[tor-relays] exit operators: overall DNS failure rate above 5% - please check your DNS resolver

Conrad Rockenhaus conrad at rockenhaus.com
Mon Jul 1 03:17:16 UTC 2019



> On Jun 30, 2019, at 8:32 PM, Matt Westfall <mwestfall at ecansol.com> wrote:
> 
> Just set your exit relay DNS to 8.8.8.8 and 1.1.1.1. I mean, DNS traffic isn't bulk traffic; let Google and Cloudflare do the "work".
> 

Utilizing Google DNS (and possibly Cloudflare DNS) provides a significant security flaw that allows outside entities to determine what Tor network users are looking at. Utilizing your own DNS server, a trusted DNS server, or just running Unbound on the same instance is significantly more secure.

Google DNS keeps their logs…Cloudflare claims to wipe after 24 hours, but what’s not known is if there’s an open FISA, for example, to continuously turn over Tor-originated DNS requests over that 24-hour period.

There are multiple Open Source Intelligence sources that have developed that governments are doing this exact thing to monitor Tor users, amongst other things. I would say this: a friend of mine who previously worked with the US IC says run Unbound or use trusted DNS.

Thanks,

Conrad Rockenhaus
https://www.greyponyit.com/
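
Added example, not part of the original message: a small check an exit operator could run over `/etc/resolv.conf` to see whether lookups go to a local resolver such as Unbound or straight to the public resolvers named in this thread. The function names, verdict labels and sample file contents are constructed for illustration.

```python
import ipaddress

# The two public resolvers named in the thread (taken from the quoted message).
NAMED_PUBLIC = {"8.8.8.8": "Google", "1.1.1.1": "Cloudflare"}

# Constructed sample inputs, not taken from any real relay.
SAMPLE_PUBLIC = "nameserver 8.8.8.8\nnameserver 1.1.1.1\n"
SAMPLE_LOCAL = "# local Unbound instance\nnameserver 127.0.0.1\nnameserver ::1\n"

def classify_nameservers(resolv_conf_text):
    """Return [(address, verdict)] for every nameserver line in resolv.conf text."""
    results = []
    for raw in resolv_conf_text.splitlines():
        # resolv.conf comments start with '#' or ';'
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr_text = fields[1].split("%", 1)[0]  # drop an IPv6 zone id if present
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            results.append((fields[1], "invalid"))
            continue
        if addr.is_loopback:
            # Loopback only shows where the stub listens; a forwarding stub
            # (for example systemd-resolved on 127.0.0.53) still has an upstream.
            verdict = "local"
        elif addr.is_private or addr.is_link_local:
            verdict = "internal"
        elif str(addr) in NAMED_PUBLIC:
            verdict = "third-party:" + NAMED_PUBLIC[str(addr)]
        else:
            verdict = "external"
        results.append((str(addr), verdict))
    return results

def leaks_to_third_party(resolv_conf_text):
    """True if any configured resolver is outside the host or its own network."""
    return any(v == "external" or v.startswith("third-party:")
               for _, v in classify_nameservers(resolv_conf_text))

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for address, verdict in classify_nameservers(fh.read()):
            print(f"{address}\t{verdict}")
```

A "local" verdict only confirms that queries stay on the host; whether the local resolver recurses itself or forwards elsewhere has to be checked in its own configuration.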