MX / SRV / DNSSEC / any DNS requests over Tor / DNSCrypt

I don’t understand the source code. Look for tor.dns, defaultTorDNSHost, dnsHost if anyone wants to check.

Looks like an application-specific implementation which is not trivially refactored for use by arbitrary applications.

Feel free to ask upstream about it.

defaultTorDNSHost = "soa.nodes.lightning.directory"

Looks like it needs special(?), specific DNS servers providing this service. Thereby DNS related non-stream isolation, identity correlation.

Since…

If that’s not a concern, another option would be to use DNSCrypt. Looks like nowadays DNSCrypt can do both encrypted DNS as well as DNSSEC (authentication). I haven’t looked into it for years. See:

Reminding me about this gave me the idea that “hardened debian” (rename required) (Kicksecure - Security Focused Linux Distribution based on Debian - In Development - Feedback Wanted!) might come preconfigured with DNSCrypt + DNSSEC by default, but that is best discussed in a separate thread.
