
DNS over Tor - edward
https://developers.cloudflare.com/1.1.1.1/fun-stuff/dns-over-tor/
======
peter_d_sherman
Good idea!

One additional idea, along similar lines, might be to compare the results of
standard DNS with Tor'd DNS for all DNS lookups and create a log file with any
discrepancies...

In other words, if/when there is a difference, log that.

You would lose DNS privacy with this method, but, if you were say, in China,
and your regular non-Tor'd DNS was blocked or re-routed (whether accidentally
or intentionally) then at least your log file would tell you that something
was up...

In fact, it might be an interesting experiment for an Internet researcher to
gather as many domain names as possible, then look them up via both regular
DNS and Tor'd DNS, and note any discrepancies...

And, the same experiment could be repeated in different countries...

~~~
A2017U1
In China it's more like DNS over shadowsocks proxy to the tor network.

The Chinese are oppressively good at inspecting packets. I fear they'll start
exporting the tech and skills eventually to the most evil leaders on Earth as
just another export. Tor is somewhat out of reach for the average Chinese
whistleblower.

~~~
denkmoon
> I fear they'll start exporting the tech and skills eventually to the most
> evil leaders on Earth as just another export.

Already happening. [https://www.reuters.com/article/us-global-internet-
surveilla...](https://www.reuters.com/article/us-global-internet-
surveillance/china-exports-its-restrictive-internet-policies-to-dozens-of-
countries-report-idUSKCN1N63KE)

------
Squithrilve
The entire fun with DNS section is interesting:
[https://developers.cloudflare.com/1.1.1.1/fun-
stuff/](https://developers.cloudflare.com/1.1.1.1/fun-stuff/)

Although some protocols are missing for example DoX:
[https://xmpp.org/extensions/xep-0418.html](https://xmpp.org/extensions/xep-0418.html)

------
lambada
I missed this when it was first announced. Does anyone know if the Tor Browser
by the Tor folks has this built in or available as an option? Or whether the
Tor developers themselves have thoughts on using .onion based DNS Servers?

------
egberts
Why would we ever want to Tor into a non-DNSSEC like 1.1.1.1?

[https://egberts.github.io/egberts/articles/public-
nameserver...](https://egberts.github.io/egberts/articles/public-nameservers-
with-dnssec-support.html)

~~~
tptacek
Why would any Tor user care whether their resolver supported a "DNS security"
scheme controlled by governments? Even if you like DNSSEC, how would that be a
coherent POV?

