[tor-relays] important DNS tuning for high volume exit relays, fix for Unbound DNS DOS problem
I believe I now understand the cause of exit relay failure when
Unbound is the resolver and GoDaddy null-routes the exit.

Both to prevent this DOS from taking out your relay if Unbound is
running and to maximize DNS performance:

With a local instance of Unbound running, /etc/resolv.conf should look like:

   options timeout:5 attempts:1 max-inflight:16384 max-timeouts:1000000
   nameserver 127.0.0.1

With a local instance of 'named' running, /etc/resolv.conf should look like:

   options timeout:5 attempts:2 max-inflight:16384 max-timeouts:1000000
   nameserver 127.0.0.1

Background material for the above recommendations found at:

   https://trac.torproject.org/projects/tor/ticket/18580#comment:11
   https://unbound.net/pipermail/unbound-users/2016-April/004301.html
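The settings recommended in the message above can be checked mechanically on a relay. The following is an added example, not part of the original post or of Tor: the names `parse_resolv_conf`, `audit`, `RECOMMENDED` and `SAMPLE` are hypothetical, and the sample file contents are constructed.

```python
import sys

# Values taken from the post above; only "attempts" differs between resolvers.
COMMON = {"timeout": 5, "max-inflight": 16384, "max-timeouts": 1000000}
RECOMMENDED = {
    "unbound": {**COMMON, "attempts": 1},
    "named": {**COMMON, "attempts": 2},
}

def parse_resolv_conf(text):
    """Return (nameservers, options) parsed from resolv.conf text."""
    nameservers, options = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) > 1:
            nameservers.append(fields[1])
        elif fields[0] == "options":
            # Later "options" lines override earlier ones.
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                options[name] = int(value) if value.isdigit() else value
    return nameservers, options

def audit(text, resolver="unbound"):
    """List deviations from the recommended settings (empty list = match)."""
    nameservers, options = parse_resolv_conf(text)
    findings = []
    if nameservers != ["127.0.0.1"]:
        findings.append(f"nameserver: expected only 127.0.0.1, found {nameservers or 'none'}")
    for name, want in RECOMMENDED[resolver].items():
        got = options.get(name)
        if got != want:
            findings.append(f"{name}: expected {want}, found {'unset' if got is None else got}")
    return findings

# Constructed sample: a second, non-local nameserver and default-style options.
SAMPLE = """\
nameserver 127.0.0.1
nameserver 192.0.2.53
options timeout:2 attempts:3 rotate
"""

if __name__ == "__main__":
    # Usage: script.py [path] [unbound|named]; with no path, audits SAMPLE.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    resolver = sys.argv[2] if len(sys.argv) > 2 else "unbound"
    for finding in audit(text, resolver):
        print(finding)
```

Run it against `/etc/resolv.conf` after any change by a DHCP client or resolvconf-style tool, since those commonly rewrite the file.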