[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation
From: Paul Templeton <paul@xxxxxxxxxxxxx>
Date: Wed, 11 Apr 2018 02:10:42 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 10 Apr 2018 22:10:57 -0400
In-reply-to: <CAPQndox6Q=yzNn8-NGp+9Feq16G3DvmgujUTRQqNLVxC2YYsdA@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAPQndox6Q=yzNn8-NGp+9Feq16G3DvmgujUTRQqNLVxC2YYsdA@mail.gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: 66pG9Yym0RXwbt8q91al8thQFspZgg==
Thread-topic: Let's increase the amount of exit relays doing DNSSEC validation

Hi All,

Is there anyone who uses Bind9? I'll setup DNSSEC on all Exits but I would like to validate the config.

I have done this on 41781FDC57238DAB955DF6D6E8400CEC5ACBE706



options {
        directory "/var/cache/bind";

        dnssec-enable yes;
        dnssec-validation yes;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { ::1; };
        listen-on { 127.0.0.1; };
        allow-recursion { 127.0.0.1; ::1; };
};

include "/etc/bind/bind.keys";



When I do a dig +dnssec . | grep ";; flags:" I get ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 this looks as if its working.

There is no forwarding.

Paul
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation
  - From: Alexander Dietrich
- Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation
  - From: nusenu

References:
- Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation
  - From: Dhalgren Tor

Prev by Author: Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation
Next by Author: Re: [tor-relays] DigitalOcean bandwidth billing changes
Previous by thread: Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation
Next by thread: Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation
Index(es):
- Author
- Thread