Tor's Vulnerability with DNS Resolution is being Exploited
Tor currently resolves DNS by having the exit node make the DNS queries. OpenDNS is what Firefox uses for DNS over HTTPS. All Cisco products also use OpenDNS. OpenDNS is currently set up to intentionally refuse to resolve some websites. This means anyone who sets up a Tor exit node with either OpenDNS or Cisco products for DNS resolution is unknowingly blocking these websites from resolving. Considering the scale at which OpenDNS and Cisco products are used, this is a massive attack on Tor's ability to provide anonymity on clearnet websites, since Tor cannot be used to reach these websites.
Tor needs a way to resolve DNS that cannot be sabotaged by a hostile DNS server. My current thought is to use multiple nodes in the Tor network to complete DNS queries. Then, when a clearnet site is requested, the Tor Browser asks for it by IP address instead of by website name, so that the exit node's DNS server does not control which sites a Tor user is allowed to see.
New Flow:
- Tor Browser asks for a website on the clearnet.
- Tor Browser communicates, via onion routing, with a DNS directory kept up to date by many servers on the Tor network.
- Tor Browser receives the IP address of the website it requested.
- Tor Browser rewrites the clearnet request to use the IP address instead of the website name.
- Tor Browser uses onion routing with the IP address to reach an exit node and request the website.
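Steps 2 and 4 of this flow, as an added illustration that is not part of the original post: a majority vote over answers from several resolvers, so that a single refusing or filtering resolver cannot veto a name, followed by the URL rewrite to the agreed IP. The resolver names and the 203.0.113.0/24 addresses are constructed sample data, and the rewrite hands back the original hostname because most clearnet sites are virtual-hosted and still need it in the Host header and TLS SNI.

```python
from collections import Counter
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: answers for one name from several hypothetical resolvers.
# None models a resolver that refused to answer (a filtering REFUSED/NXDOMAIN).
SAMPLE_ANSWERS = {
    "resolver-a": "203.0.113.10",
    "resolver-b": "203.0.113.10",
    "resolver-c": None,
    "resolver-d": "203.0.113.10",
}


def majority_resolve(answers, min_agreeing=2):
    """Return (ip, dissenters).

    ip is the address most resolvers agree on, or None when fewer than
    min_agreeing resolvers concur (treat that as 'unresolved', not 'blocked').
    dissenters lists resolvers that refused or answered differently, which is
    the signal an operator would want logged: one filtering resolver can no
    longer silently block a name for every Tor user behind that exit.
    """
    counts = Counter(ip for ip in answers.values() if ip is not None)
    if not counts:
        return None, sorted(answers)
    ip, agreeing = counts.most_common(1)[0]
    if agreeing < min_agreeing:
        return None, sorted(answers)
    dissenters = sorted(r for r, a in answers.items() if a != ip)
    return ip, dissenters


def rewrite_to_ip(url, ip):
    """Step 4 of the flow: swap the hostname in url for ip, keeping the port.

    Returns (new_url, original_host). The original hostname is returned so
    the client can still send it as the Host header and TLS SNI; the exit
    node only ever sees the IP-based request.
    """
    parts = urlsplit(url)
    host = parts.hostname
    literal = f"[{ip}]" if ":" in ip else ip  # IPv6 literals need brackets
    netloc = literal if parts.port is None else f"{literal}:{parts.port}"
    return urlunsplit(parts._replace(netloc=netloc)), host


if __name__ == "__main__":
    ip, dissent = majority_resolve(SAMPLE_ANSWERS)
    print(majority_resolve(SAMPLE_ANSWERS))          # ('203.0.113.10', ['resolver-c'])
    print(rewrite_to_ip("https://example.com/path?q=1", ip))
```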