[tor-dev] DNSSEC

Артур Истомин art.istom at yandex.ru
Sun Aug 31 10:14:11 UTC 2014


On Sat, Aug 30, 2014 at 04:35:27PM -0700, merc1984 at f-m.fm wrote:
> 
> Does anyone know why TOR does not use DNSSEC?  The only documentation I
> found on the TORProject website for DNS does not actually explain how
> DNS works on TOR.  I infer it must be TCP, as TOR can not do UDP, and I
> imagine that relay nodes must be the resolvers in order to resolve
> .onion domains.  But beyond that there is no information on how it
> works.
> 
> Seems to me that the lack of DNSSEC in TOR is a gigantic security hole.
> (DNS cache poisoning)

Because DNSSEC can itself be a "gigantic security hole". Google it. It
is a very questionable technology.

