[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
From: Alexander Dietrich <alexander@xxxxxxxxxxx>
Date: Fri, 11 May 2018 15:10:11 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 11 May 2018 09:10:23 -0400
In-reply-to: <db7014f9-de8b-e057-b245-7b7e33a0b416@monksofcool.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <5e7d99ef-9514-cee4-985f-7f1d4a21dfec@riseup.net> <a518aa08-871d-afaf-819f-6e4bee01fb20@enn.lu> <57c450a9-90f4-ac97-4eca-f414df642c0d@riseup.net> <A79DAC1C-64AD-444C-851D-805350A5199B@lunorian.is> <db7014f9-de8b-e057-b245-7b7e33a0b416@monksofcool.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 2018-05-11 14:52, Ralph Seichter wrote:

Assuming you can install whatever software you like, I recommendrunningyour own instance of Unbound on your exit node machines. CurrentUnboundversions support DNSSEC validation, QNAME minimisation, etc. Whileusingyour ISP's resolvers works as a fallback, a local resolver is betterand
easy enough to set up.

We are currently using Unbound plus 2 ISP name servers in/etc/resolv.conf. I still occasionally see the dreaded "all nameservershave failed" message, even though the latest Tor release has fixes forDNS performance (IIRC).


Kind regards,
Alexander
--
PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: nusenu
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: Tyler Durden
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: nusenu
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: Nathaniel Suchy (Lunorian)
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: Ralph Seichter

Prev by Author: Re: [tor-relays] Verizon AS701 blocking Tor consensus server tor26 (86.59.21.38)
Next by Author: Re: [tor-relays] New relay operator here
Previous by thread: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
Next by thread: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
Index(es):
- Author
- Thread