#25564: DNS-over-HTTPS for exit relays ------------------------------+-------------------------- Reporter: cypherpunks | Owner: Nusenu Type: defect | Status: reopened Priority: Medium | Milestone: Component: Community/Relays | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: ------------------------------+--------------------------
Comment (by irl): There are open source implementations for DNS resolvers supporting DNS- over-HTTPS. For example [[https://github.com/m13253/dns-over-https|this one]]. More will probably appear as work in the IETF progresses. I would still hope that exit operators would set up a local stub resolver to perform DNSSEC validation, so the instructions would be about how to configure that stub resolver to forward to a DNS-over-HTTPS resolver. Even having 20 resolvers is too concentrated in my opinion, but this is just based on my general feelings about it, not based on any actual research. Someone should do some research (or find some that has already been done) so that we can decide if this is a good thing that we should recommend or if it's actually a thing that would make the situation worse. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25564#comment:5> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs