
[tor-relays] Unbound (Re: dnsmasq configuration for an exit relay (Debian))



On 08.10.17 11:46, Toralf Förster wrote:

> May I ask why you prefer unbound?

The OP was concerned that dnsmasq "could introduce vulnerabilities if
not handled properly, because it provides more than just local DNS
cache". In contrast, Unbound has a single purpose(*), and I found it to
be a reliable, low-impact combination with my Tor nodes -- especially on
nodes with scant resources -- that needs very little config data and was
designed with security in mind.

I did not mean to say Unbound is the only choice, just that I strongly
prefer it over dnsmasq. For my authoritative nameservers I use BIND, but
when a resolver suffices, as is the case for Tor nodes, I use Unbound.

-Ralph

(*) http://info.menandmice.com/blog/bid/37244/10-Reasons-to-use-Unbound-DNS
is one example blog about Unbound. The DNSSEC config can be much simpler
though, when using auto-trust-anchor-file.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays