[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)



On 11.05.18 13:55, Nathaniel Suchy (Lunorian) wrote:

> My first thought is to use ISP DNS if it’s available - one of the best
> things about Tor is the split of trust so why aren’t we doing that
> with DNS? Another alternative is to use trusted recursive DNSCrypt
> Resolvers (for example dnscrypt.ca - there are plenty of resolvers
> like this so use a search engine of your choice to find them).

Assuming you can install whatever software you like, I recommend running
your own instance of Unbound on your exit node machines. Current Unbound
versions support DNSSEC validation, QNAME minimisation, etc. While using
your ISP's resolvers works as a fallback, a local resolver is better and
easy enough to set up.

-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays