Any plans to fix tor for OpenDNS?

Sven Anderson sven at anderson.de
Thu Nov 13 18:21:11 UTC 2008


On 13.11.2008 at 17:26, Matt LaPlante wrote:

> The very nature of OpenDNS conflicts with the concept of anonymity and
> privacy.  By using the service, you're not only giving them the
> opportunity to track your requests, you're also allowing them to
> redirect your lookups to third parties at will.

If you switch off the redirects, this is true for any DNS resolver you
might use and not OpenDNS-specific.

If your local DNS resolver has not recently been updated and doesn't
use random ports for queries, it's always better to use OpenDNS for
security reasons, since otherwise you are vulnerable to cache poisoning.[1]

For the same reasons, if you want to use your own caching resolver, make
sure you are using a current version that uses random query ports, and
make sure the resolver is NOT behind a NAT router, because NAT
destroys the port randomization.

Sven

[1] http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
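
A defender's check for the port randomization point in the message above, as an added example that is not part of the original post: it classifies the UDP source ports of a resolver's outbound queries as they appear on the WAN side of the router, so the effect of NAT is included. The function name, the thresholds and the sample port lists are assumptions constructed for illustration.

```python
import statistics

# Assumed thresholds (not from the post): tune them for your own captures.
MIN_SAMPLES = 10        # fewer observations than this say little
SEQ_STEP = 16           # a "small step" between consecutive queries
SEQ_FRACTION = 0.8      # share of small steps that marks a sequential allocator
NARROW_STDEV = 300      # spread below this means a tiny port pool


def assess_source_ports(ports):
    """Classify observed DNS query source ports, in capture order.

    Returns (verdict, metrics); verdict is one of
    'fixed', 'sequential', 'narrow', 'randomized'.
    """
    if len(ports) < MIN_SAMPLES:
        raise ValueError("need at least %d observed queries" % MIN_SAMPLES)
    # Step from one query to the next, wrapping around the 16-bit port space.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for d in deltas if 0 < d <= SEQ_STEP)
    metrics = {
        "distinct": len(set(ports)),
        "small_step_fraction": small / len(deltas),
        "stdev": statistics.pstdev(ports),
    }
    if metrics["distinct"] == 1:
        verdict = "fixed"          # old resolver: one port for every query
    elif metrics["small_step_fraction"] >= SEQ_FRACTION:
        verdict = "sequential"     # typical of a NAT rewriting ports in order
    elif metrics["stdev"] < NARROW_STDEV:
        verdict = "narrow"         # random, but from a very small pool
    else:
        verdict = "randomized"
    return verdict, metrics


# Constructed sample captures (source ports only), not real traffic.
SAMPLES = {
    "unpatched resolver": [32768] * 12,
    "patched resolver behind NAT": [1024, 1025, 1026, 1027, 1029, 1030,
                                    1031, 1032, 1033, 1035, 1036, 1037],
    "small port pool": [5000, 5090, 5013, 5071, 5002, 5044,
                        5099, 5027, 5063, 5008, 5081, 5035],
    "patched resolver, no NAT": [49211, 1893, 60114, 23877, 35002, 8191,
                                 55420, 17333, 41007, 29650, 62981, 12044],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        verdict, metrics = assess_source_ports(ports)
        print("%-28s %-10s stdev=%.0f" % (name, verdict, metrics["stdev"]))
```

Any verdict other than "randomized" means an off-path attacker has far fewer source ports to guess, which is the exposure the message describes for unpatched resolvers and for resolvers behind a port-rewriting NAT.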

More information about the tor-talk mailing list