
Re: [tor-relays] [warn] eventdns: All nameservers have failed



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 06/19/2016 09:59 PM, pa011 wrote:
> Or are there better working solutions?

I have only 127.0.0.1 set in my resolv.conf and use dnsmasq together with strict DNSSEC.
It works like a charm, and DNSSEC is really a good thing IMO.

The configuration is straightforward:

# grep -v -e '#' -e'^$' /etc/dnsmasq.conf
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
dnssec-check-unsigned
no-resolv
server=<snip>
server=<snip>
server=<snip>
server=<snip>
server=<snip>
server=<snip>
cache-size=10000


Furthermore, it reduces the load on upstream DNS servers by 1/3:

# pkill -SIGUSR1 dnsmasq; sleep 1; tail /var/log/messages | grep dnsmasq
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: time 1466367289
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: cache size 10000, 91142/4075150 cache insertions re-used unexpired cache entries.
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: queries forwarded 1665387, queries answered locally 695441
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: DNSSEC memory in use 174384, max 311808, allocated 999984



- -- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iF4EAREIAAYFAldm/cIACgkQxOrN3gB26U7r8wD8DDPMBmNHc3ENAQfeYd0clt3X
xPZdiFXwiQ6a94niYu4A/0phgRXBP++MgJOURWHlN3irSJiVkniuUcChSXY8wr8K
=ugdK
-----END PGP SIGNATURE-----
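
Added example, not part of the message above and not dnsmasq's own code: a shell function that turns the SIGUSR1 statistics lines quoted in the message into the share of queries answered from the local cache and the share of cache insertions that evicted unexpired entries. The names sample_log and dnsmasq_stats and the key=value output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: summarise the counters dnsmasq writes to syslog on SIGUSR1.

# Sample input: the four log lines quoted in the message above.
sample_log() {
cat <<'EOF'
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: time 1466367289
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: cache size 10000, 91142/4075150 cache insertions re-used unexpired cache entries.
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: queries forwarded 1665387, queries answered locally 695441
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: DNSSEC memory in use 174384, max 311808, allocated 999984
EOF
}

# Reads syslog lines on stdin and prints key=value pairs.
# Exits non-zero if no usable "queries forwarded" line was seen.
dnsmasq_stats() {
  LC_ALL=C awk '
    /dnsmasq/ && /cache size [0-9]+,/ {
      for (i = 1; i < NF; i++) {
        if ($i == "size") size = $(i + 1) + 0
        # "A/B cache insertions ...": A entries were evicted before they
        # expired to make room, out of B insertions (dnsmasq man page).
        if ($i ~ /^[0-9]+\/[0-9]+$/) {
          split($i, p, "/"); evicted = p[1] + 0; inserted = p[2] + 0
        }
      }
    }
    /dnsmasq/ && /queries forwarded [0-9]+,/ {
      for (i = 1; i < NF; i++) {
        if ($i == "forwarded") fwd = $(i + 1) + 0
        if ($i == "locally")   loc = $(i + 1) + 0
      }
      seen = 1
    }
    END {
      total = fwd + loc
      if (!seen || total == 0) { print "error=no-query-counters"; exit 1 }
      printf "cache_size=%d\n", size
      printf "forwarded=%d\nanswered_locally=%d\n", fwd, loc
      printf "local_pct=%.1f\n", 100 * loc / total
      if (inserted > 0)
        printf "evicted=%d\ninserted=%d\nevicted_pct=%.1f\n", evicted, inserted, 100 * evicted / inserted
    }'
}

sample_log | dnsmasq_stats
```

On a live relay the same function can read the output of the tail/grep pipeline from the message instead of sample_log.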