Re: [Tails-dev] Arbitrary DNS queries... and Tor 0.2.2.x

This message is part of the following thread:
Mthe complete thread tree sorted by date
Mintrigeri at <-
M 
Delete this message

Reply to this message
Author: Anders
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Arbitrary DNS queries... and Tor 0.2.2.x
On 2011-07-28 23:57, intrigeri wrote:
> Anders wrote (28 Jul 2011 21:02:24 GMT) :
>> Another option, one that I'm considering for the Haven OS, is to use
>> the unbound dns server with a patch that forces it to only send tcp
>> traffic. That way all dns requests are sent over tor and since we
>> are doing the name resolution our selves, there is no need to rely
>> on any one open dns server. This way we can also resolve every type
>> of query (even DNSSEC stuff).
>
> It means doing the recursive resolution process ourselves (I mean,
> from inside the Live system itself), right?

Yes, that's the plan. I've tested it and performance isn't really all
that bad. About 2sec for root, tld, and a subdomain (in a completely
unscientific test).

One possible concern is that the tld owners could use statistical
methods to track a user across different exits if she performs lookups
for many related and uncommon domains.

Regards,
Anders

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] Arbitrary DNS queries... and Tor 0.2.2.x[Tails-dev] ***SPAM*** [gsoc] tails-greeter progress report->
lists.autistici.org administrated by postmasterLurker (version 2.3)