
Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound



2015-12-20 17:21 GMT+01:00 Remi Gacogne <listes+tor-relays@xxxxxxxxxxxx>:
>> On the other hand, I would say using a local DNS cache can increase both
>> your relay's performance and perhaps offers a slight privacy gain to tor
>> clients, given that a cached DNS response will be served directly to a
>> tor client rather than querying an external resolver for the 2nd time.
>
> Note that, whenever possible, Tor relay operators using a local DNS
> resolver should enable qname minimisation [1], so that the resolver only
> sends to the authoritative servers what they need to know to respond.
> Support for qname minimisation has recently been added in unbound [2]
> 1.5.7, and is planned in the future Knot resolver [3].
>
> [1]: https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08
> [2]: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=648
> [3]: https://github.com/CZ-NIC/knot-resolver

It should be noted that on Debian unbound is v. 1.4.17 and support for
qname minimisation has been added in v. 1.5.7.

C
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
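
Added example, not part of the original message or of any project's code: a small Python model of what each level of authoritative server learns when a resolver does or does not apply the qname minimisation discussed in this thread. The function names, the query name and the delegation chain are constructed for illustration, and the zone cuts are assumed to be known in advance.

```python
# Constructed model of iterative resolution; no network traffic is generated.
# Unbound >= 1.5.7 enables the minimised behaviour with
# "qname-minimisation: yes" in the server: clause of unbound.conf.

def resolution_trace(qname, qtype, zone_cuts, minimise):
    """Return [(zone_of_server_asked, name_sent, type_sent)] in order.

    zone_cuts: delegated zones below the root on the path to qname
    (assumed known here; a real resolver discovers them from referrals).
    """
    cuts = {z.lower().strip(".") for z in zone_cuts}
    labels = [l for l in qname.lower().strip(".").split(".") if l]
    fqdn = ".".join(labels) + "."
    suffixes = [".".join(labels[-d:]) for d in range(1, len(labels) + 1)]

    if not minimise:
        # Classic resolver: every server on the path gets the full question.
        servers = ["."] + [s + "." for s in suffixes if s in cuts]
        return [(srv, fqdn, qtype) for srv in servers]

    # Minimising resolver: add one label per query, asking for NS until
    # the full name is reached, and follow a referral at each zone cut.
    server, out = ".", []
    for name in suffixes:
        last = name + "." == fqdn
        out.append((server, name + ".", qtype if last else "NS"))
        if name in cuts:
            server = name + "."
            if last:  # qname is itself a zone apex: re-ask its own servers
                out.append((server, fqdn, qtype))
    return out or [(".", fqdn, qtype)]  # a query for the root itself


def names_seen_by(trace, server):
    """Names that the servers for one zone learned during the resolution."""
    return sorted({name for srv, name, _ in trace if srv == server})


if __name__ == "__main__":
    cuts = ["org", "example.org"]            # constructed delegation chain
    q = "mail.internal.example.org"          # constructed query name
    for mode in (False, True):
        t = resolution_trace(q, "A", cuts, minimise=mode)
        print("minimised" if mode else "classic")
        for srv in (".", "org.", "example.org."):
            print(f"  {srv:13} sees {names_seen_by(t, srv)}")
```
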