DNS with Tor (compared to VPNs).

[coderman]

On Wed, Oct 20, 2010 at 4:47 PM,  <andrew at torproject.org> wrote:
> ...
> : However, my ISP does not see the DNS requests (or the website since
> : all traffic flows through the encrypted VPN).
>
> It depends on the VPN.  Many vpns don't touch your dns settings,
> therefore your local resolver sees the requests.

the reverse is not true, however. there are numerous side channels
around host default nameserver entries set by VPN software or yourself
manually (explicit resolver IP passed to host libs, or custom UDP DNS
queries, or caching proxy query reflection, or. etc.

"am I leaking DNS?" turns out to be a complicated question...


> : If I am using Tor then all DNS resolution is done by the Tor exit
> : node.  No DNS requests leave my computer unencrypted - unlike in the
> : previous two examples.
>
> If the apps are set to use tor correctly, yes.

this is one reason why Tor Button or other privacy minded extensions
and configurations explicitly disable bad plug-ins and mime types;
this is useful for VPN users in general who want leakage resistant DNS
privacy through their VPN provider DNS nameservers rather than ISP
defaults.

again, more complicated than it seems; devil in the technical details
according to your uses and threats...

best regards,
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/