Silk Road forums
Discussion => Security => Topic started by: fake on August 28, 2013, 10:54 pm
-
what DNS to be used?
are the anctarcticland dns safe? 84.200.208.200 and 84.200.212.38
http://www.google.pl/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCsQFjAA&url=http%3A%2F%2Fwww.govantarcticland.org%2Findex.php%2Fen%2Finformations%2F73-parallel-internet-it-can-be-done&ei=nH8eUq3oM8W7hAfVwoDoDA&usg=AFQjCNGjxaqVHE3-1lJixKoydYVZcdka5A&bvm=bv.51495398,d.ZG4
-
The best DNS servers to use are whatever random exit nodes use, via Tor's remote DNS resolver.
-
The German and Swiss Privacy Foundations runs DNS servers. Though using them may reduce domain name resolution speed when you're not from Europe.
http://www.privacyfoundation.de/service/serveruebersicht/
http://www.privacyfoundation.ch/de/service/server.html
Switzerland:
77.109.138.45 (Ports: 53, 110; DNSSEC)
77.109.139.29 (Ports: 53, 110; DNSSEC)
87.118.85.241 (Ports: 53, 110; DNSSEC)
Germany:
87.118.100.175 (Ports: 53, 110)
-
astor is right. DNS needs to go over Tor, and wherever it sends you is the best bet.
There are downsides. If an exit node for your DNS traffic is malicious, it could send you to a hijacked IP instead of the true one. And your browser would believe the response. But with SSL, as long as you make sure you see the https in the URL, and the cert is good, you're probably fine. Even if they redirected you to some third world knockoff of Paypal, you'd get a cert error.
But outside of Tor, all of your DNS requests are sniffable by anyone in the path of your traffic from you to the DNS server. So if you pick a great, private, nobody-knows-I'm-looking-up-donkey-porn-addresses DNS server in Privatelandia, the most secure country on earth, when somebody sniffs your cleartext, unencrypted little UDP DNS packets, they're going to see your client IP, the hostname you're looking up, and the response.
Personally, I use whatever I get via Tor.