[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] ORSN DNS servers vs OpenNic



> On 6 Aug 2017, at 02:57, Petrusko <petrusko@xxxxxxxxxx> wrote:
> 
> On my LAN I'm using Unbound, forwarding all requests to "root servers".
> 
> I've read it's not really cool for a high traffic server, to preserve
> those root servers...?
> But for home, I think it's perfect.
> 
> For an exit, why not using too a dns cache as Igor said, may be less
> agressive for the root servers ? :
> 
>    On your node, run dnsmasq with a large (10000) cache as a fast and
>    secure alternative to running a full DNS server. That can prevent some
>    DNS-based timing attacks.
> 
> Is it a good idea to use those roots servers ?
> I'm not 100% sure about requests because of MITM attack, but better than
> GoogleDNS ?

Using a caching, recursive resolver should be fine.
(Then the root servers only answer queries for top-level domains.)

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------



Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays