The DNS protocol has been around for some time:
the RFCs which define it, 1034 (concepts and facilities)
and 1035 (implementation and specification),
are from 1987 and, as with all the protocols of that time, security of the
communication wasn't a priority. Anyone sniffing the network can see which
domains everyone visits, let alone the providers of the DNS service, but
little can be done about it in the short run: the Internet depends on this
name system and there isn't a better one with the required infrastructure, right?
Well, it seems that the Tor SOCKS proxy interface
offers a non-standard option (point 2)
which allows this network to be used to resolve names. This functionality can be
accessed from the command line through tor-resolve,
and the capability can be exploited to build a private DNS server which doesn't
leak the domain name lookups to the network.
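The non-standard option mentioned above is Tor's RESOLVE command (0xF0) on the SOCKS5 interface. The following is an added example, not code from the original post or from Onion-dir, showing the request a resolver backend would send and how the answer is read back; it assumes a Tor client listening on 127.0.0.1:9050, and the function names are hypothetical.

```python
import ipaddress
import socket

SOCKS_VERSION = 0x05
CMD_RESOLVE = 0xF0  # Tor-specific SOCKS command, not part of RFC 1928
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_resolve_request(hostname: str) -> bytes:
    """SOCKS5 request asking Tor to resolve hostname (port field is unused)."""
    name = hostname.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    header = bytes([SOCKS_VERSION, CMD_RESOLVE, 0x00, ATYP_DOMAIN, len(name)])
    return header + name + b"\x00\x00"


def parse_resolve_reply(reply: bytes) -> str:
    """Return the address Tor placed in the BND.ADDR field of its reply."""
    if len(reply) < 4 or reply[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    if reply[1] != 0x00:
        raise OSError(f"Tor refused the lookup, SOCKS status {reply[1]:#04x}")
    size = {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(reply[3])
    if size is None or len(reply) < 4 + size:
        raise ValueError("unexpected or truncated address in reply")
    return str(ipaddress.ip_address(reply[4:4 + size]))


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("proxy closed the connection")
        buf += chunk
    return buf


def resolve_via_tor(hostname, proxy=("127.0.0.1", 9050), timeout=30.0) -> str:
    """Resolve through the local Tor SOCKS port (assumed address, see lead-in)."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(b"\x05\x01\x00")  # greeting: one method offered, "no auth"
        if _recv_exact(s, 2) != b"\x05\x00":
            raise OSError("SOCKS5 handshake rejected")
        s.sendall(build_resolve_request(hostname))
        head = _recv_exact(s, 4)
        rest = _recv_exact(s, 16 if head[3] == ATYP_IPV6 else 4)
        return parse_resolve_reply(head + rest)
```

The only traffic leaving the host is the Tor circuit; a packet capture on the local interface during `resolve_via_tor("example.com")` should show no port 53 queries.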
Using is simple to build this DNS server
to use the Tor network as a resolver backend (it is going to be limited to the
),
this is implemented in Onion-dir
(