[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Please need urgent help with the DNS resolver of a fast exit relay

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Please need urgent help with the DNS resolver of a fast exit relay
From: "s7r@xxxxxxxxxx" <s7r@xxxxxxxxxx>
Date: Thu, 24 Apr 2014 19:20:37 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 24 Apr 2014 12:29:32 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sky-ip.org; s=20110108; t=1398356437; bh=ER3DYwFBkzgsAg0PiI9r8qYXCBDR8SGLg5ADtXPj8n0=; h=Message-ID:Date:From:Reply-To:MIME-Version:To:Subject: Content-Type:Content-Transfer-Encoding; b=CyeAc61Nhzzvd/GTxN9PTE7X0E6iv+tpeRpiJFE09u1lJ46d5sNkNPR3c/Z6ZITQ6 Gfex+4ARZF8uqgAPwE9POIhre9rZRfJDxi5vjW5t3Oo/z3nmFxtWxI8CBs+Ifrw0QG Lu9b/YqC4d1794PXoXpvCUs+GRpNs07adDpyyzkw=
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

The servers from my ISP are not stable or good enough to handle the
traffic for this Tor exit router.

I get this in the log very often:
Apr 24 15:14:07.000 [notice] Circuit handshake stats since last time:
91633/91636 TAP, 15962/15962 NTor.
Apr 24 17:40:45.000 [warn] eventdns: All nameservers have failed
Apr 24 17:40:45.000 [notice] eventdns: Nameserver <ip>:53 is back up

Both nameservers fail and come back after 1 second, or less.

I don't know what impact will this have on the exit node. Is it any
problem at all?

I have decided also to setup my own DNS resolver and not use the ones
from ISP, so I have installed named.

What I need help is, for your someone to tell me exactly how do i have
to edit named.conf in order to:

1. Enable DNSSEC, for the clients who want to use it. Not make it a
requirement, just enable it and prefer it over normal DNS if and when
possible.


2. Be able to resolve all TLDs as described here:
https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver#DNSResolverServer

Now I can clearly understand the message from that post but there is
no instruction anywhere about how to do it, those links for Alt Roots
are broken. Is this a requirement? Who needs to resolve silly TLDs not
supported by IANA / ICANN anyway?

3. Cache the records for as long as possible - my relay is already
using a lot of traffic so I have to spare as much as I can.


Please provide me with a good named.conf and description of settings
so I can properly configure a good DNS resolver for my relay.

Thank you in advance!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBCAAGBQJTWTnUAAoJEIN/pSyBJlsRtN8IAJK8ndrb6IdW+PRpynTu5gzH
/6ID3k3uO+EX1jKDSrSMzUlfaOZT0UIVXX/KKxqJSa4YQH4MMGcWfCYXkv+bdFC0
s3ABvAWOeklX5KxUwGWaEJJND+Zu4nstIcVTFpjKpbiFJ7mdzjlDVSCsZFXYBVoV
tOY7amgAoQCxNsG0aBKUKeArRSJ03jcicD/92PkL8ro2IB6FItusp5Qywcp12Nhq
mXEJdD8l/5jSS1epaaZJ6LzDFyyZsVKsxK8EkBxkYtblkk8WxUnkz4gXrP88cnMC
rHb8gqLBvHqjLUn1fKtmJbxJ/J1qEa+2PyoJpzkh4hQxXSZ52TskWKSi0eR7j5E=
=675a
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Please need urgent help with the DNS resolver of a fast exit relay
  - From: Linus Nordberg

Prev by Author: [tor-relays] Relay reading more than it writes??
Next by Author: Re: [tor-relays] Please need urgent help with the DNS resolver of a fast exit relay
Previous by thread: [tor-relays] Bridges included in Tor Browser -- should they regen keys because of Heartbleed?
Next by thread: Re: [tor-relays] Please need urgent help with the DNS resolver of a fast exit relay
Index(es):
- Author
- Thread