
Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound



> On the other hand, I would say using a local DNS cache can increase both
> your relay's performance and perhaps offers a slight privacy gain to tor
> clients, given that a cached DNS response will be served directly to a
> tor client rather than querying an external resolver for the 2nd time.

Note that, whenever possible, Tor relay operators using a local DNS
resolver should enable qname minimisation [1], so that the resolver only
sends to the authoritative servers what they need to know to respond.
Support for qname minimisation has recently been added in unbound [2]
1.5.7, and is planned in the future Knot resolver [3].

[1]: https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08
[2]: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=648
[3]: https://github.com/CZ-NIC/knot-resolver
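The effect of qname minimisation described in the reply above, as an added example that is not part of the original message: a simplified Python model of one cold-cache lookup that lists which name and type each zone's authoritative servers receive, with and without minimisation. The hostname and the set of zone cuts are constructed, and the function names are hypothetical.

```python
"""Simplified model of iterative resolution with and without qname minimisation.

Constructed data: the hostname and zone cuts are made up; the cache is empty.
"""

def labels(name):
    """Split an absolute name such as 'www.example.org.' into its labels."""
    return [l for l in name.rstrip(".").split(".") if l]

def ancestor(name, n):
    """Return the ancestor of `name` made of its rightmost n labels."""
    parts = labels(name)
    return ".".join(parts[len(parts) - n:]) + "." if n else "."

def queries_sent(qname, qtype, zone_cuts, minimise):
    """Return [(zone asked, name sent, type sent), ...] for one lookup."""
    total = len(labels(qname))
    if not minimise:
        # Classic behaviour: every zone on the path gets the full name and type.
        zones = ["."] + [ancestor(qname, n) for n in range(1, total + 1)
                         if ancestor(qname, n) in zone_cuts]
        return [(z, qname, qtype) for z in zones]
    sent, zone = [], "."
    for n in range(1, total + 1):
        name, last = ancestor(qname, n), n == total
        # Reveal one more label per step, asking for NS until the full name.
        sent.append((zone, name, qtype if last else "NS"))
        if name in zone_cuts:
            zone = name  # referral: continue at the child zone's servers
            if last:
                sent.append((zone, name, qtype))
    return sent

def saw_full_name(sent, qname):
    """Zones whose servers received the complete query name."""
    return sorted({zone for zone, name, _ in sent if name == qname})

# Constructed sample: a name looked up on behalf of a client.
QNAME = "mail.internal.example.org."
CUTS = {"org.", "example.org."}

if __name__ == "__main__":
    for mode in (False, True):
        print("minimise =", mode)
        for q in queries_sent(QNAME, "A", CUTS, mode):
            print("   to %-14s %-28s %s" % q)
```

In unbound the behaviour is switched on with `qname-minimisation: yes` in the `server:` clause of `unbound.conf`.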