[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
From: "Nathaniel Suchy (Lunorian)" <me@xxxxxxxxxxx>
Date: Fri, 11 May 2018 09:22:29 -0400
Arc-authentication-results: i=1; auth=pass smtp.auth=me@xxxxxxxxxxx smtp.mailfrom=me@xxxxxxxxxxx
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lunorian.is; s=dkim; t=1526044959; h=from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-owner:list-unsubscribe:list-subscribe:list-post; bh=lqAKgvzHDWax88L5yWB93Sr7VESSGNfcXRn8DaqhGRc=; b=W8PyZL0jlNReEMfNsuFO4/ZF//7kpRXRyh2p7L5xL67Z4vDcBJ/KZOKsLAo+qQpUGE3x+t DvrGIlu963jRL6N48jBBIkg4otzPHhjspVnkau7MYfCeGvPBYyk527sjBXdSlGWqzYRFj5 Ca7NFpNZDBpdmB8qGX0TZH7djjG04ISOLShzcmRLtPSetuizg6TSFJ1HMKmnUddlYQ+ZUv 3umhRjlxgr7/Kld0bFZIoQAadBalejXu5TSZbWPAv5B2Xx/QBnUO1qQjO8eIlDuaT1DCp1 WNKqPUX8ua1cw8k0Cl3izw6WRH5Ln0XEodZz6EqbhNJfKpf/VlRPkGJoLS/+2w==
Arc-seal: i=1; s=dkim; d=lunorian.is; t=1526044959; a=rsa-sha256; cv=none; b=UGQ2jv3PoTKiH+hMwc6ZG0REmYYdJBH0NhfllouXvH+UPAAQ4Pwpq5WkeGa8OYeu7z0vPw+t97t2PHwVC4FX/rg9ePQmYvfAyDeJCn3WNbAoRw70msc651Dd2NDCOnlsA6JqVuzlHr8OeSwhmP+VazQ4oz9BjZXGFjxXQGUjqQdWpAEKJS7ZzRcLrmSxMBfEPPHd2ImZtJQvybHWHuUd+3hs1karVJLZ4pTRW3/26j0lvALuNDv13ikdWPG1dG5uftAuYgKtUbGp9ma0Ob/S2SL2rRDPuPqsVCeNJv87wZwrVXgvIXjLiqyyHL/KMq2PY/kO1oaGlZ3SmpkttGaN9w==
Autocrypt: addr=me@xxxxxxxxxxx; prefer-encrypt=mutual; keydata= xsFNBFqE2wkBEAC/GxQ6HUGzogvdh6ofRRHcC0a248dLnGM/DyqotoHuQlIdpKJWsVMt5GLA rfg03HipWRk0C8ClPM5PJoUonlm//cmX1tKEraoqiEA1eDYK2BqGXJmhMosn42FpGg6h2BXD pOBcMCFPotAxp8ZeKIw8mwXpC/tJ9lbiU2t5wSJoJFrX1ZVwOAdaANS7FX23OVm1b3KaAR4Z 7qo6JGcxwrGwkk2hYEg5Uam2+0EIEWwh046wlimO54nZUkvq51/5UkuR/eog9hfwhqOomjDT JSn45443lsxChDPCzwUTXpInRWQlSKFQQCe+1TuOqOuIXoDcdYSSUgCxmUmw8Acy4zcRDLrV s+EeI/8tLkPVb2duXLzUIPX/I4/tcxTYF7tGG5z4g1kgDKMQntcWv4UYAEVgaMOD6UQc/EWX ugVrShWInQ3zswvVsH3DkLmYG8QX4w4YLTpb13ICT23b30Q6g0KRER1n3OovhmJihby2tGlM xgNUqE+JHw6VtJdpEYJCVCX8HUuQilrCWzIaeGC6wvJpy3DukVB1PRiLDYODGF1TZTarryAn uznDqi1JTpbF2h2YoRThj2cOa1+FItVcSfrVosdvlO7Ttj3dC5i7TTfrCBk8DxW2k72rqtcC tz2CuGmRBpmdlXUGFdRLck+qc2d78sGRWLR/aQ1nJGu06MTZ8wARAQABzSBOYXRoYW5pZWwg U3VjaHkgPG1lQGx1bm9yaWFuLmlzPsLBlAQTAQgAPhYhBEdTkX7+BHbOmAoeivM+9dFMIjmS BQJahNsJAhsDBQkHhh+ABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEPM+9dFMIjmSL24P /0j7tkc38Sy0417REtnyXekD89tHStMYfU5hBYkKQC6X3iaG91FQ/P7rdWvdZx5XrZBDAuJ6 MyrbprPfygqhwMsxg7VIRhLf2SCnpAqGKjlYdSyOPBlnBpEGjCPUw6i2EJZuIwIzVboGbvCU R8KNgWtil1wRAJURD8cHWwpciH1zfWfuIZdErN9xXR6IeZjxop2BqgzmgFJMLsZT8NVIJbzw YOeqAcA926gAGVZRMkYLFSSQ6R1+xmLJekDgFQYDB+oCdV7CqkDZz2ExSNVT1AdcM4BFRxuc CbqZluk58BiCqXEkUUVhXeoo3qCkRpP/vxoHj6ScD66VbbUF6WbPBymoP7Z8muEFBXxP2EdU DlQ0tNv8tsVineFOAKFXmnq1sRN8y5q6CsiOEzYGE1zyt3GcaI+8icU61WyPFSPnbP1wwkv4 6MSmx6HGc2d6qQWjIVfcXaI/QH7d4G9nx/4NvhtM6af96PsVfW5lZQ2i5CB6hKEijMMsB4sL BfvUpRDuBYREFOsNhASd9OFEdNalvnbOeWJqcTvh2F18WJFkaaNT0R74zS2HjCVlOtJ8CbvJ 5M/3oVb1gGXX+l1kQiUdMC493BrcJqMOWnRQ4Kv8bzEERhFYzOA3eSNjQjeHbPFhBR9kQd32 zMoWoUlMTQs7DwpRfBAwahcIllA2sjcvJBD7zsFNBFqE2wkBEAD0vhAUYWoAsyfOWO2ouFU9 n7CjDtLmDoFKiV4JnLvurgHa2dZa8+Wo6F68IVCmWmaQhoBBr55ucjUogCVFlDiL4EnA3B/2 KyU502kfu0pSfDUI7hYYlc1D0RS8N6otEjNAv+0cpUHfMHzP1dUQ4voXCmbI4T/S6cXI5oTz 2NW1jL+MNgkndsq9w/+DNWvCdNoGGSwCFSSp7mEMZiYtrlP9uBZIAHlYfuj2SB1aVUBhNIr2 /ELvR1ozZSmYoucODWleQPPNxOQXpTBBssBCx1wAfGywU0VvTgfu/fbYmaRI6/IyXMUqeoZH nVqujfXByNwsKGTA0FlOxtlv9e2H8I8FXRgcJ/07yjjzLMIbrnQ77QIwI3igUcTo9kOOzXcb X6w7EznxDr9GsTwf6VmntUungmYcH6lLua8oBnums9ZV6PS7ajBbYyqndWJD8IpTpwloyVym b5tJfkWmfX21GPnIecg2cBOgpv3i12fX1My9fnigFikwr28fYjdPkHh9eg8YXROAgc45+Hrd f0eo0Bhhp0yIHdBzanwmBsK5qFieB/WEcydtMzdszRStIEY4E9OUIlz/v8E94sM2NeKwhcyQ F1IHmdb51pnjZWjHQs9tFnDWguYYQq5P+ntqKIjC8bSEnew6llra97ZFqrwusX4mlMbG5Zbs ZrgJEZ7sbsDumwARAQABwsF8BBgBCAAmFiEER1ORfv4Eds6YCh6K8z710UwiOZIFAlqE2wkC GwwFCQeGH4AACgkQ8z710UwiOZLCBRAApqtfcSPM74tTyQITmXUhxxXeundNDb+KVpeY5CsM tnykpor/wU7h8i86346T2gvmB0UZ7LuR3t1Kilx8dhIdPBVBfOYmnlTipnHHKIvRIe0rAVmH +StJaU0Ll4goG3k5B/AiSztClw4UoEMYUAL/5ONu9W80oyr9+lFPIL8o1sVHQwkOxHx+lIiC FsGH8K9FDIyUFjrPGFAExlUN8oou/RblBRqyhUG3OzSKhr/SGzgVNZivCmrf47WhlbMJd3ZS XWuqlUoYD67oGPZISCAEzjhtOBNInaG1bxTmGT4aPC+wpU39DgIVNhfORP0K8OkACTQ7WUFD 6fz+3ww1zeajebO4Fo0qX5p8qj89pQpav2e6YgsyLARFOVw3Y//wJxKo3QMdUrllcj+YWrII uBsLDMowsjVaxAPfrdV2OurI7swyNZwZFv1Olqzi5DWqLgQt5RdsW2R80RxK5eHG+FBbgfcQ hSx/zl0IGeyd4RA1WBNiedXKPiEFdWe2mz3LZi2rbpQ2KQ8qB7Sf5wddAeJA99XAG8rVoRCS DV4OjYi2H6lgZavYOjEtkHaJgOlrB3LxEUABSWl93WqKjco9t+GyLU3sh0jEhBRNqPUm49x7 miuumoH8Tj6MogkJwNy6Dw+IuD5i5Bi5vrq7o16/aCi5J4AVdnkinPum40NFR7qgnU4=
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 11 May 2018 09:23:03 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lunorian.is; s=dkim; t=1526044959; h=from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-owner:list-unsubscribe:list-subscribe:list-post; bh=lqAKgvzHDWax88L5yWB93Sr7VESSGNfcXRn8DaqhGRc=; b=QrNtcyy2ldWlkifX4nsVDN6Pg+m0s/cLyoqX85diBiIP0lw3ofodpDv0TRGw3glG+ERwmQ q6uB5R54KgcRYuweisYucfr36TKDUxxoi1VyiG1FlqI2PQ61zoaDhk+eEALTGsT+xhwBFS 7qpN9k7zk6/Ts2hlKX+71KZK8Jn51l9vB+YPlEeCb9G3xbaGV7mRE4GZC/ecb1BBQ6fRuQ vyXPHi1y5HTr1qx93XWGrvGGIifyRAg3xfzpDxlWuUyW7lIEMsht4nGXeRnWbQ1jkHeMKt 8aGssi1g/R4+rM54NH1OnPLlVYPVS9G6KtCt3cw3XEShLG4+9H83S0T8cYOgQA==
In-reply-to: <db7014f9-de8b-e057-b245-7b7e33a0b416@monksofcool.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Openpgp: preference=signencrypt
References: <5e7d99ef-9514-cee4-985f-7f1d4a21dfec@riseup.net> <a518aa08-871d-afaf-819f-6e4bee01fb20@enn.lu> <57c450a9-90f4-ac97-4eca-f414df642c0d@riseup.net> <A79DAC1C-64AD-444C-851D-805350A5199B@lunorian.is> <db7014f9-de8b-e057-b245-7b7e33a0b416@monksofcool.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.7.0

You have a very good point - we could all run our own resolver(s) with a
fallback. This idea sounds much better than just reassigning trust.

On 5/11/18 8:52 AM, Ralph Seichter wrote:
> On 11.05.18 13:55, Nathaniel Suchy (Lunorian) wrote:
> 
>> My first thought is to use ISP DNS if it’s available - one of the best
>> things about Tor is the split of trust so why aren’t we doing that
>> with DNS? Another alternative is to use trusted recursive DNSCrypt
>> Resolvers (for example dnscrypt.ca - there are plenty of resolvers
>> like this so use a search engine of your choice to find them).
> 
> Assuming you can install whatever software you like, I recommend running
> your own instance of Unbound on your exit node machines. Current Unbound
> versions support DNSSEC validation, QNAME minimisation, etc. While using
> your ISP's resolvers works as a fallback, a local resolver is better and
> easy enough to set up.
> 
> -Ralph
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: nusenu
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: Tyler Durden
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: nusenu
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: Nathaniel Suchy (Lunorian)
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: Ralph Seichter

Prev by Author: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
Next by Author: Re: [tor-relays] Verizon AS701 blocking Tor consensus server tor26 (86.59.21.38)
Previous by thread: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
Next by thread: [tor-relays] DNS-over-TLS and DNSPrivacy.org (was: lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare))
Index(es):
- Author
- Thread