> My idea is designed to protect the exit node against a DNS attack from the
> owner of the DNS server. Not from the ISP or an attacker monitoring the
> traffic going in and out of the ISP data center.
So in this threat model you trust your ISP but not your DNS provider? Why not
just use the ISP's DNS then? Combine it with a local caching resolver and call
it a day.
I don't really see a compelling use-case for just inserting DNS noise and not
following up with IP noise.
I'm interested in things like Google's DNS-over-HTTPS implementation:
https://developers.google.com/speed/public-dns/docs/dns-over-https. It encrypts
DNS traffic on the wire. There are already some fairly good client-side
implementations. However, we need other providers to put up DNS-over-HTTPS
endpoints, since no one wants to trust Google.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
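As an added example, not code from this thread or from Google, a minimal Python client for the JSON-style DNS-over-HTTPS API linked above: it builds the query URL, parses a response, and surfaces the resolver's AD (DNSSEC-validated) flag, which is exactly the claim a client still has to take on trust from whoever runs the endpoint. The endpoint URL and field names are assumed from Google's public documentation; the sample response is constructed, so the parsing runs offline.

```python
import json
from urllib.parse import urlencode
from urllib.request import urlopen

# Assumed endpoint of Google's JSON DNS-over-HTTPS API (see the docs linked in the thread).
DOH_ENDPOINT = "https://dns.google/resolve"

# Constructed sample response in the API's JSON shape; not captured from the live service.
SAMPLE_RESPONSE = json.dumps({
    "Status": 0, "TC": False, "RD": True, "RA": True, "AD": True, "CD": False,
    "Question": [{"name": "example.org.", "type": 1}],
    "Answer": [
        {"name": "example.org.", "type": 1, "TTL": 300, "data": "192.0.2.10"},
        {"name": "example.org.", "type": 1, "TTL": 300, "data": "192.0.2.11"},
    ],
})


def build_query_url(name, rrtype="A", padding=""):
    """Build the GET URL for a DoH JSON query. `random_padding` is the API's
    documented knob for masking query length from an on-path observer, since
    TLS hides content but not size."""
    params = {"name": name, "type": rrtype}
    if padding:
        params["random_padding"] = padding
    return DOH_ENDPOINT + "?" + urlencode(params)


def parse_answer(body, rrtype=1):
    """Return (rcode, ad_flag, [rdata, ...]) from a DoH JSON body.
    AD=True only means the resolver says the data validated; the client is
    trusting the resolver for that statement, which is the point of the thread."""
    doc = json.loads(body)
    rcode = doc.get("Status", -1)
    answers = [rr["data"] for rr in doc.get("Answer", []) if rr.get("type") == rrtype]
    return rcode, bool(doc.get("AD", False)), answers


def resolve(name, rrtype="A"):
    """Live query over HTTPS (needs network); not exercised offline."""
    with urlopen(build_query_url(name, rrtype), timeout=5) as resp:
        return parse_answer(resp.read().decode())


if __name__ == "__main__":
    print(build_query_url("example.org", "A", padding="x" * 16))
    print(parse_answer(SAMPLE_RESPONSE))
```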