4

I was reading a couple articles on identity and information leaks from DNS. I was just curious to know how many TOR exit node operators run their own DNS servers as opposed to going through another provider (ex. google, opendns, etc). I'm interested to hear some feedback or thoughts.

Dennis Emory Hannon
  • 51
  • 4
  • 2
    phw and some others did a study of this, a large number of them use Google. The paper can be found here: https://nymity.ch/pdf/greschbach2016a.pdf (see graph on page 6, for example) – cacahuatl Aug 05 '17 at 21:39
  • 2
    Thanks canonizing ironize!

    I just wrote a small tutorial for tor exit relay operators on how-to setup their own local resolver. Look for it on the tor-relay mailing list. :)

     – Dennis Emory Hannon Aug 06 '17 at 23:23
  • Using local recursive resolver based on ISC bind without any ISP upstream or any open dns like google etc – Alexey Vesnin Sep 16 '17 at 01:57

1 Answers1

1

I simply use the one the ISP that connects my relay is providing. It's surely not bad to have diversity in resolvers.

There are discussions about advertising a specific DNS resolver on the tor-relays list like https://lists.torproject.org/pipermail/tor-relays/2017-September/012940.html or https://lists.torproject.org/pipermail/tor-relays/2017-September/thread.html#12954

In the end you want diversity. Just like diversity in users helps, so does in relays. Of course exit relays should either have an uncensored connection or explicitely reject the censored IPs in their exit policy.

merge
  • 66
  • 3