[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Running Bind locally

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Running Bind locally
From: Eugen Leitl <eugen@xxxxxxxxx>
Date: Wed, 11 Sep 2013 15:29:51 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 11 Sep 2013 09:30:10 -0400
In-reply-to: <522ed953.549.fb273700.1c5fd59c@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <522ed953.549.fb273700.1c5fd59c@xxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)

As a heads-up, this fixed my recursive DNS to world
issue while ability to serve authoritative domains
was not impaired. Thank you, tor@xxxxxxx

Running your own DNS is a good idea for those who
got too used to all these 8.8.8.8 and 8.8.4.4 things.

On Tue, Sep 10, 2013 at 04:33:23AM -0400, tor@xxxxxxx wrote:
> 
> For linux bind named.conf:
> 
> Within "options {" put:
> 
> allow-query { any; };
> allow-recursion { trusted; };
> allow-query-cache { trusted; };
> 
> 
> Then, add this new section somewhere after the options closing
> bracket:
> 
> acl "trusted" {
> localhost;
> localnets;
> //netblocks/IPs you want, examples below:
> 123.23.23.23/24;
> 12.123.123.123;
> };
> 
> 
> 
> 
> On Tuesday 10/09/2013 at 4:23 am, Eugen Leitl  wrote:
> >On Tue, Sep 10, 2013 at 12:45:03AM -0700, Bry8 Star wrote:
> >>
> >>If you run your own BIND/named as Authoritative DNS-Server, for some
> >>domain-name that you own, and if it is also configured to function
> >>as a Recursive DNS-Server for local software (in that computer), and
> >>if you have enabled DNSSEC (for recursive side), then that would be
> >>better, imho.
> >
> >Speaking about recursive DNS for BIND, does anyone have
> >a working set of options which limit recursive DNS queries
> >to just the local subnet, and another couple IPs, maybe?
> >
> >
> >_______________________________________________
> >tor-relays mailing list
> >tor-relays@xxxxxxxxxxxxxxxxxxxx
> >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >
> 

> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- Re: [tor-relays] Running Bind locally
  - From: tor

Prev by Author: Re: [tor-relays] Running Bind locally
Next by Author: Re: [tor-relays] . Re: Relay security, re: local network
Previous by thread: Re: [tor-relays] Running Bind locally
Next by thread: [tor-relays] Tor node was doing more traffic than its bandwidth is configured for
Index(es):
- Author
- Thread