[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
From: nusenu <nusenu-lists@xxxxxxxxxx>
Date: Thu, 10 May 2018 22:16:00 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 10 May 2018 18:16:50 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1525990595; bh=QrWQTZzAjfUo++oTvntyCO4yqA5q+UkbptMyYvo290o=; h=To:From:Subject:Date:From; b=fcCKsLPfaL4WmFT85QdX8enZytC3LRrzdTOpndfr4dfw6lH2fdyZ/8GI7t4uTSsQJ ojmxyfa9qNRAMe0+iEMOQjdsAFwvbXat706sooIn8RYgBvMiDqKE/t3lk0PuGsWBdZ dFizB4CqRpr1xyiZL7HfSOjXtjCg6mUFqajY+pro=
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Dear Exit Relay Operators,

I'd like to invite you to check your exit's DNS resolver by 
having a look at the following list of exits using resolvers
outside their AS (especially if it is Google, OpenDNS, Quad9 or Cloudflare).

You can search the list for you contactinfo, relay nickname or relay fingerprint (first 8 characters):

https://gist.github.com/nusenu/cb766ff7945fafd9f90ee7f211a2508f#file-tor-dns-april-2018-txt


I extended the "DNS on Exit Relays" section in the Tor Relay Guide
to include specific instructions what is recommended for Tor exit operators with 
regards to DNS on exit relays.

https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#DNSonExitRelays

If you found yourself on the list above and changed your DNS to a local (same host or same AS)
resolver or found a false-positive, please drop me an email (off-list is also ok).


The goal is to be bellow the following thresholds within one year:
- not have any single remoteAS entity control more than 10% exit capacity
- reduce the overall remoteAS share to bellow 20% exit capacity

the longer version of this can be found at:
https://medium.com/@nusenu/who-controls-tors-dns-traffic-a74a7632e8ca

thanks for helping with DNS decentralization on the tor network,
nusenu

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: Alex Xu
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: Paul
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: Tyler Durden

Prev by Author: Re: [tor-relays] The Onion Box v4.2: Web Interface to monitor your Tor node(s)
Next by Author: Re: [tor-relays] New DNS related fields in the ContactInfo Sharing Specification
Previous by thread: Re: [tor-relays] Strange BGP activity with my node
Next by thread: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
Index(es):
- Author
- Thread