> On 6 Aug 2017, at 02:57, Petrusko <petrusko@xxxxxxxxxx> wrote: > > On my LAN I'm using Unbound, forwarding all requests to "root servers". > > I've read it's not really cool for a high traffic server, to preserve > those root servers...? > But for home, I think it's perfect. > > For an exit, why not using too a dns cache as Igor said, may be less > agressive for the root servers ? : > > On your node, run dnsmasq with a large (10000) cache as a fast and > secure alternative to running a full DNS server. That can prevent some > DNS-based timing attacks. > > Is it a good idea to use those roots servers ? > I'm not 100% sure about requests because of MITM attack, but better than > GoogleDNS ? Using a caching, recursive resolver should be fine. (Then the root servers only answer queries for top-level domains.) T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
Attachment:
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays