[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound
2015-12-20 17:21 GMT+01:00 Remi Gacogne <listes+tor-relays@xxxxxxxxxxxx>:
>> On the other hand, I would say using a local DNS cache can increase both
>> your relay's performance and perhaps offers a slight privacy gain to tor
>> clients, given that a cached DNS response will be served directly to a
>> tor client rather than querying an external resolver for the 2nd time.
>
> Note that, whenever possible, Tor relay operators using a local DNS
> resolver should enable qname mininisation [1], so that the resolver only
> sends to the authoritative servers what they need to know to respond.
> Support for qname minimisation has recently been added in unbound [2]
> 1.5.7, and is planned in the future Knot resolver [3].
>
> [1]: https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08
> [2]: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=648
> [3]: https://github.com/CZ-NIC/knot-resolver
It should be noted that on Debian unbound is v. 1.4.17 and support for
qname minimisation has been added in v. 1.5.7
C
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays