[tor-bugs] #25564 [Community/Relays]: DNS-over-HTTPS for exit relays
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 21 13:28:29 UTC 2018
#25564: DNS-over-HTTPS for exit relays
------------------------------+--------------------------
Reporter: cypherpunks | Owner: Nusenu
Type: defect | Status: reopened
Priority: Medium | Milestone:
Component: Community/Relays | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+--------------------------
Comment (by irl):
There are open source implementations for DNS resolvers supporting DNS-
over-HTTPS. For example [[https://github.com/m13253/dns-over-https|this
one]]. More will probably appear as work in the IETF progresses. I would
still hope that exit operators would set up a local stub resolver to
perform DNSSEC validation, so the instructions would be about how to
configure that stub resolver to forward to a DNS-over-HTTPS resolver.
Even having 20 resolvers is too concentrated in my opinion, but this is
just based on my general feelings about it, not based on any actual
research. Someone should do some research (or find some that has already
been done) so that we can decide if this is a good thing that we should
recommend or if it's actually a thing that would make the situation worse.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25564#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online