[tor-talk] DNS hijacking

Chuck Peters cp at axs.org
Sun Apr 5 17:10:19 UTC 2015


Philipp Winter said:
> On Fri, Apr 03, 2015 at 10:15:42PM -0000, throwaway123 at sigaint.org wrote:
> > It will only happen when using Tor. I did a "normal" DNS dig and a
> > tor-resolve simultaneously - the first pointing to the real IP, the latter
> > pointing to said server.
> 
> What is the "real" IP address?  All exit relays that are currently
> online resolve your domain to 185.53.179.29.

How did you determine the resolution of all exits?  

How many of the resolvers support DNSSEC?

$ host sigaint.org
sigaint.org has address 185.10.58.250
sigaint.org mail is handled by 5 mx2.sigaint.org.
sigaint.org mail is handled by 5 mx1.sigaint.org.
root at box:/etc/ssh# cat /etc/resolv.conf 
domain members.linode.com
search members.linode.com
nameserver 207.192.69.5
nameserver 97.107.133.4
nameserver 207.192.69.4
options rotate

$ host 185.53.179.29
Host 29.179.53.185.in-addr.arpa. not found: 3(NXDOMAIN)


I would like to select DNS resolvers that support DNSSEC.  Can an end user (TBB perhaps) select a specific DNS resolver or a set of resolvers?



Chuck


More information about the tor-talk mailing list