I don’t understand the source code. Look for tor.dns, defaultTorDNSHost, dnsHost if anyone wants to check.
Looks like an application specific implementation which is not trivially refactored for use by arbitrary applications.
Feel free to ask upstream about it.
defaultTorDNSHost = "soa.nodes.lightning.directory"
Looks like it needs special(?), specific DNS servers providing this service. Thereby DNS related non-stream isolation, identity correlation.
Since…
If that’s not a concern, another option would be to use DNSCrypt. Looks like nowadays DNSCrypt can do both encrypted DNS as well as DNSSEC (authentication). I haven’t looked into it for years. See:
Reminding me about this gave me the idea that “hardened debian” (rename required) (Kicksecure - Security Focused Linux Distribution based on Debian - In Development - Feedback Wanted!) might come preconfigured with DNSCrypt + DNSSEC by default, but that is best discussed in a separate thread.