From my point of view it's much more helpful to run a DoH (or DNSCrypt, DoT if you like) client on an exit and randomly distribute requests to a set of DoH/DNSCrypt/DoT servers to hide the actual DNS requests an exit is doing from an adversary which might use this information for correlation.
As the requests are randomly distributed between a set of servers, this additionally fixes the problems of a single entity answering/monitoring all DNS requests.

Unfortunately root servers don't support encrypted DNS (except for openNIC, but I don't think they are not an option for a general recommendation because only 9 servers are currently supporting encryption).

BUT: By using, for example, the list of encrypting DNS servers and dnscrypt-proxy the dnscrypt project is offering, it would be easy to implement a huge set of relays using a random set of DoH or DNSCrypt enabled DNS servers.

Regards,
flux

On 3/5/20 3:45 PM, Alec Muffett wrote:
>
> On Thu, 5 Mar 2020 at 14:37, Iain Learmonth <[email protected]
> <mailto:[email protected]>> wrote:
>
> > On 05/03/2020 14:20, Nathaniel Suchy wrote:
> > > It’s not a threat model issue.
> >
> > Who gets to see Tor users DNS requests is exactly a threat model
> > issue.
>
> Concur. That is exactly the reason that I am asking clarification of
> Nathaniel's perspective, here.
>
> I'm currently doing some research on the area, and am particularly
> interested in which/all of Nathaniel is concerned by:
>
> 1/ blocking of Tor-users' DNS requests
> 2/ tampering with Tor-user's DNS requests
> 3/ surveillance of Tor-users' DNS requests
> 4/ *corporate* surveillance of Tor-users' DNS requests
> 5/ other...
>
> Because if Nathaniel is primarily interested in 3 and 4 from that
> list, then this is a particularly interesting video to watch (cued up
> to 0:33 for convenience)
>
> https://www.youtube.com/watch?v=FrGZczZ8tyU&t=0m33s
>
> ...and which, with a little reflection regarding the "anonymity loves
> company" philosophy of Tor, suggests that the solution might in part
> be MORE AND PRIVATE use of "big" resolvers... because the little ones
> are just as much, perhaps more of a risk.
>
> -a
>
> --
> http://dropsafe.crypticide.com/aboutalecm
>
> _______________________________________________
> tor-relays mailing list
> [email protected]
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
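An added illustration of the random-distribution idea in the message above (not code from the thread or from dnscrypt-proxy): it measures what a single upstream resolver observes when an exit spreads uncached lookups uniformly at random, in query volume and in distinct hostnames. The resolver names and the query workload are constructed placeholders, and the seeded generator is only for reproducibility; a deployment would select with a CSPRNG.

```python
import random

# Constructed placeholder resolver names (assumption, not real servers).
RESOLVERS = [f"resolver-{i}.example" for i in range(8)]

def distribute(queries, resolvers, rng):
    """Send each query to one resolver chosen uniformly at random.
    Returns {resolver: [hostnames that resolver observed]}."""
    seen = {r: [] for r in resolvers}
    for host in queries:
        seen[rng.choice(resolvers)].append(host)
    return seen

def visibility(seen, queries):
    """Per resolver: (share of query volume, share of distinct hostnames seen)."""
    total = len(queries)
    distinct = len(set(queries))
    return {r: (len(h) / total, len(set(h)) / distinct) for r, h in seen.items()}

def coverage_probability(n_resolvers, lookups):
    """Chance that one given resolver sees a hostname at least once
    after `lookups` uncached lookups spread over n_resolvers."""
    return 1 - (1 - 1 / n_resolvers) ** lookups

def sample_queries(rng, n=20000, names=500):
    """Constructed workload with skewed (Zipf-like) hostname popularity."""
    hosts = [f"site{i}.example" for i in range(names)]
    weights = [1 / (i + 1) for i in range(names)]
    return rng.choices(hosts, weights=weights, k=n)

if __name__ == "__main__":
    rng = random.Random(2020)  # seeded for a repeatable run only
    queries = sample_queries(rng)
    stats = visibility(distribute(queries, RESOLVERS, rng), queries)
    for resolver, (volume, names_seen) in stats.items():
        print(f"{resolver}: {volume:.1%} of queries, "
              f"{names_seen:.1%} of distinct hostnames")
    print(f"P(one resolver sees a name looked up 20 times) = "
          f"{coverage_probability(len(RESOLVERS), 20):.2f}")
```

Each resolver receives about 1/8 of the query volume, but repeated lookups of the same hostname raise the share of distinct hostnames it observes well above that, so the spread limits per-resolver volume more than it limits which names a resolver eventually sees.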
