[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] DNSSEC better protecting users?



On Sat, Jan 10, 2015 at 12:54:23AM -0800, Virgil Griffith wrote:

> In particular, I am concerned about what subdomain a user is visiting
> being leaked.

DNSSEC is not encrypted, so it leaks everything -- even data that normal
DNS doesn't.

> Are there any established ways of preventing the subdomain from being
> leaked?

The best way currently is to use DNSCrypt, which encrypts DNS queries
and responses.  It's originally from OpenDNS, although there are other
providers that support DNSCrypt also.  With DNSCrypt, only the provider
sees your queries, instead of the provider + anyone listening in.

Note this is only the DNS angle to your question.  (Katya mentions HTTPS
SNI).

Nicolai
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk