On 03/07/16 at 15:51, Zack Weinberg wrote:
> On Sun, Jul 3, 2016 at 9:25 AM, ajs124 <t...@ajs124.de> wrote:
>>
>> Afterwards, I noticed that most if not all the DNS requests are randomly
>> capitalized.
>> Does this impact unbound's caching ability? My cache hit/miss ratio is
>> around 1/5.
>
> This is "0x20 encoding", see
> https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00
> https://isc.sans.edu/diary/Use+of+Mixed+Case+DNS+Queries/12418 and
> https://dyn.com/blog/use-of-bit-0x20-in-dns-labels/ . It makes it
> harder for a MITM to spoof DNS responses.
>
> It shouldn't affect unbound's ability to cache anything. However, I
> personally think it is inappropriate to run a DNS cache on an exit
> node, because that preserves a record on the exit node of what people
> are using it for.
>
> zw

Without a cache, every connection takes a second longer to open. Unless you send all DNS requests to Google, but I don't think that's ideal either. In-memory caching of DNS is simply needed for Tor to work properly (and besides, Tor has its own DNS cache as well).

Tom
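
The 0x20 behaviour discussed in the quoted exchange, as an added example that is not part of this thread and is not unbound's code: a toy resolver randomises the case of each outgoing query name, accepts a response only if it echoes that exact case, and keys its cache on the lowercased name so mixed-case queries still hit. `Resolver`, the two upstream functions and the addresses are constructed for illustration.

```python
import secrets

def encode_0x20(qname, rand_bit=lambda: secrets.randbits(1)):
    """Randomise the case (bit 0x20) of every ASCII letter in a query name."""
    return "".join(
        (c.upper() if rand_bit() else c.lower()) if c.isascii() and c.isalpha() else c
        for c in qname
    )

def cache_key(qname, qtype):
    """DNS names compare case-insensitively, so the cache key is lowercased."""
    return (qname.lower().rstrip("."), qtype)

class Resolver:
    """Hypothetical caching resolver; upstream(qname, qtype) -> (echoed_qname, answer)."""
    def __init__(self, upstream, rand_bit=lambda: secrets.randbits(1)):
        self.upstream = upstream
        self.rand_bit = rand_bit
        self.cache = {}
        self.hits = self.misses = self.rejected = 0

    def resolve(self, qname, qtype="A"):
        key = cache_key(qname, qtype)
        if key in self.cache:              # case of the client's query is irrelevant here
            self.hits += 1
            return self.cache[key]
        self.misses += 1
        sent = encode_0x20(qname, self.rand_bit)
        echoed, answer = self.upstream(sent, qtype)
        if echoed != sent:                 # exact, case-sensitive comparison
            self.rejected += 1             # response did not echo our random case: drop it
            return None
        self.cache[key] = answer
        return answer

def honest_upstream(qname, qtype):
    """Constructed upstream: echoes the question name byte for byte."""
    return qname, "192.0.2.1"

def blind_spoofer(qname, qtype):
    """Constructed forger that never saw the query and guesses an all-lowercase name."""
    return qname.lower(), "203.0.113.66"

if __name__ == "__main__":
    r = Resolver(honest_upstream)
    for name in ("www.example.com", "WWW.EXAMPLE.COM", "wWw.ExAmPlE.cOm"):
        r.resolve(name)
    print("hits", r.hits, "misses", r.misses, "rejected", r.rejected)
```
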