[tor-relays] dnsmasq configuration for an exit relay (Debian)
Ralph Seichter
m16+tor at monksofcool.net
Sun Oct 8 19:55:38 UTC 2017
On 08.10.17 21:23, Igor Mitrofanov wrote:

> you seem to be more concerned with minimizing the number of hosts
> involved in a DNS lookup, and you (correctly) believe that running a
> recursive resolver yourself, as opposed to delegating it, decreases
> that number.

Yes, that's what I have been trying to communicate; I hope I was not too
long-winded. Keeping the number of involved servers as low as possible
is important for Tor nodes, and I'm happy to live with the small extra
cost of running a caching resolver on my nodes to achieve this goal.

Unfortunately both individuals and ISPs seem to recommend using Google's
infamous 8.8.x.x servers, for convenience if for no other reason. If I
can avoid it, I will personally not use servers located in Mountain View
(that's where GeoIP tells me these machines are) or elsewhere in the US,
where the hoster might be willing or even required to keep logs of DNS
lookups that can be correlated to my hosts simply by the originating IP
addresses.

> I assume, however, that most of these ISPs have no technical
> capability or business incentives to be engaged in Tor traffic
> correlation.

Quite. I choose ISPs in countries that, to the best of my knowledge,
have laws that would make it difficult and time-consuming for the NSA,
GCHQ or other intelligence services to get access to logs by legal
means.

> I am making an assumption that Tor relays sending DNS requests to a
> large and diverse number of destinations can make practical DNS-assisted
> traffic correlation prohibitively expensive.

That's what I hope, and I am trying to do my part to increase that cost.

-Ralph