[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- To: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- From: Ralph Seichter <m16+tor@xxxxxxxxxxxxxxx>
- Date: Fri, 11 May 2018 14:52:20 +0200
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Fri, 11 May 2018 08:52:42 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=monksofcool.net; s=201802; t=1526043141; bh=W1qKw3iy5Yf2Gs2MAb0nWYg4j1G8AER/J9TaQjktl6g=; h=Subject:To:References:From:Message-ID:Date:User-Agent:In-Reply-To: Content-Type:Content-Language; b=hwDzQ3ZXFHiSITa7pebivKjYs1RWDKqAu7rxDjUM1Oo4MMvjsC+wu20hsPrDuX/jJ 9uZThtm2qqi+GpkLwv03gRGwGo2suLEEhAUH5m5y5KZg0N2/Hp46r+Sf+yEpT6IKUE 86ePSmw5AypIjES3C2ZNw9fIWF6l+NnaRCefGp+UIvUNZACrnl1MS+WpfvQNQR5JUW R8VMIScO/+T07eMDaM7PC/DUZgx6acgBvVGp+i/lYuYCEyB82sW0SN8R55WH82Xd+t N9+0RQavr7ySLbElhoeXLdQlQsyuvgqcT8BdckJTmkOHeDKREuaLlpeRhFek7JsMe7 4q9yYSlO+tWww==
- In-reply-to: <A79DAC1C-64AD-444C-851D-805350A5199B@lunorian.is>
- List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
- List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
- List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
- List-post: <mailto:tor-relays@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
- References: <5e7d99ef-9514-cee4-985f-7f1d4a21dfec@riseup.net> <a518aa08-871d-afaf-819f-6e4bee01fb20@enn.lu> <57c450a9-90f4-ac97-4eca-f414df642c0d@riseup.net> <A79DAC1C-64AD-444C-851D-805350A5199B@lunorian.is>
- Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
On 11.05.18 13:55, Nathaniel Suchy (Lunorian) wrote:
> My first thought is to use ISP DNS if it’s available - one of the best
> things about Tor is the split of trust so why aren’t we doing that
> with DNS? Another alternative is to use trusted recursive DNSCrypt
> Resolvers (for example dnscrypt.ca - there are plenty of resolvers
> like this so use a search engine of your choice to find them).
Assuming you can install whatever software you like, I recommend running
your own instance of Unbound on your exit node machines. Current Unbound
versions support DNSSEC validation, QNAME minimisation, etc. While using
your ISP's resolvers works as a fallback, a local resolver is better and
easy enough to set up.
-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
- Follow-Ups:
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- From: Nathaniel Suchy (Lunorian)
- [tor-relays] DNS-over-TLS and DNSPrivacy.org (was: lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare))
- References:
- [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- From: Nathaniel Suchy (Lunorian)