Encourage sbws operators to install a local caching resolver
Installing a local caching resolver avoids issues with the provider's DNS.
Activity
changed milestone to %sbws: 1.0.x-final
I don't think this is a good idea, because:
- you give more work to bwauths
- sbws relay on one more external thing
- sbws traffic is fingerprintable, but dns queries will go in most cases in clear
- if using a CDN, the ip that that the bwauth server gets will be different that the one the exit will see, so checking if we can exit with a relay with that ip, doesn't make sense
Replying to juga:
I don't think this is a good idea, because:
- you give more work to bwauths
Yes, this is true. Although installing a caching / recursive resolver takes about 5 minutes.
- sbws relay on one more external thing
sbws already relies on the system DNS resolver, which is sometimes unreliable. Installing a caching or recursive resolver makes DNS more reliable.
- sbws traffic is fingerprintable, but dns queries will go in most cases in clear
sbws already relies on the system DNS resolver, which sends DNS queries in the clear.
- if using a CDN, the ip that that the bwauth server gets will be different that the one the exit will see, so checking if we can exit with a relay with that ip, doesn't make sense
We already talked about the CDN issue in: https://trac.torproject.org/projects/tor/ticket/28458#comment:3
If we decide to stop using DNS in #28458 (moved), then we can close this ticket.
Please register or sign in to reply