[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- To: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- From: "Nathaniel Suchy (Lunorian)" <me@xxxxxxxxxxx>
- Date: Sat, 12 May 2018 16:03:00 +0000
- Arc-authentication-results: i=1; auth=pass smtp.auth=me@xxxxxxxxxxx smtp.mailfrom=me@xxxxxxxxxxx
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lunorian.is; s=dkim; t=1526140999; h=from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-owner:list-unsubscribe:list-subscribe:list-post; bh=4au52O+4qwOVPzTV9RjHaIEsCaqSos8E9xY4Bm6HPWM=; b=nona7IDbevWaxV/Cq4Ff8xl+P2kr+rkDkf1KLro31jByAp7Qgc73pjAQwp82jJlZvtyQIW BrvXu88xZJEcVZO2wYfP5EbTp7SzXCBfbZ7vKi6KAJpO6KxCpC16TItSu++yNfZNThsZHR K+VWlFFnhMzjHERcx1mFUHyhdQQlI7UZANok1MA8H6YhWMaPAXfu8DEwkzNzmshU0IV9k2 HSlonVKVKIzpubo6Tv4Usqx1XrwHlTJk3atDF0Ps7Db0ESG4jCs2aA3KTA6NWu4TEoeVq/ DDLR6FWI7ubHlljPwrgxysI7E5hDO1670RT/Y+ONLKoHv61X+60dkmOXfStRgg==
- Arc-seal: i=1; s=dkim; d=lunorian.is; t=1526140999; a=rsa-sha256; cv=none; b=U91HyubwyDB27BAKECPiucHZ5BaNjU48fZeJXJ3kJEFj5btX+mufvW1SxGBvJ7/ar6Dj/3koWEte+lmPlYOpO6XCjPu8JJKQLdC5qBfdjJwnNjBRRO6qYk45eLc4DDDsbVGFXEDZxtWW/TOXS35AMAAo5DuijWW6mavg0ilswJGdPqZkPEC7757Nk2o855AUGnLDwa2YKashpuoADIT6YwUlvXQN6QhTbIsfl2VUZgR5zgcIBm7pXF+9hi73c1RA9w/QklhFsVNl3Ax9Oj7Vj9n09O7lKocdTUWWpC3X7WwA6HHNfXqdJA1Njbu3hBGknENIp2lK7q3xxRLxZqB9rg==
- Autocrypt: addr=me@xxxxxxxxxxx; prefer-encrypt=mutual; keydata= xsFNBFqE2wkBEAC/GxQ6HUGzogvdh6ofRRHcC0a248dLnGM/DyqotoHuQlIdpKJWsVMt5GLA rfg03HipWRk0C8ClPM5PJoUonlm//cmX1tKEraoqiEA1eDYK2BqGXJmhMosn42FpGg6h2BXD pOBcMCFPotAxp8ZeKIw8mwXpC/tJ9lbiU2t5wSJoJFrX1ZVwOAdaANS7FX23OVm1b3KaAR4Z 7qo6JGcxwrGwkk2hYEg5Uam2+0EIEWwh046wlimO54nZUkvq51/5UkuR/eog9hfwhqOomjDT JSn45443lsxChDPCzwUTXpInRWQlSKFQQCe+1TuOqOuIXoDcdYSSUgCxmUmw8Acy4zcRDLrV s+EeI/8tLkPVb2duXLzUIPX/I4/tcxTYF7tGG5z4g1kgDKMQntcWv4UYAEVgaMOD6UQc/EWX ugVrShWInQ3zswvVsH3DkLmYG8QX4w4YLTpb13ICT23b30Q6g0KRER1n3OovhmJihby2tGlM xgNUqE+JHw6VtJdpEYJCVCX8HUuQilrCWzIaeGC6wvJpy3DukVB1PRiLDYODGF1TZTarryAn uznDqi1JTpbF2h2YoRThj2cOa1+FItVcSfrVosdvlO7Ttj3dC5i7TTfrCBk8DxW2k72rqtcC tz2CuGmRBpmdlXUGFdRLck+qc2d78sGRWLR/aQ1nJGu06MTZ8wARAQABzSBOYXRoYW5pZWwg U3VjaHkgPG1lQGx1bm9yaWFuLmlzPsLBlAQTAQgAPhYhBEdTkX7+BHbOmAoeivM+9dFMIjmS BQJahNsJAhsDBQkHhh+ABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEPM+9dFMIjmSL24P /0j7tkc38Sy0417REtnyXekD89tHStMYfU5hBYkKQC6X3iaG91FQ/P7rdWvdZx5XrZBDAuJ6 MyrbprPfygqhwMsxg7VIRhLf2SCnpAqGKjlYdSyOPBlnBpEGjCPUw6i2EJZuIwIzVboGbvCU R8KNgWtil1wRAJURD8cHWwpciH1zfWfuIZdErN9xXR6IeZjxop2BqgzmgFJMLsZT8NVIJbzw YOeqAcA926gAGVZRMkYLFSSQ6R1+xmLJekDgFQYDB+oCdV7CqkDZz2ExSNVT1AdcM4BFRxuc CbqZluk58BiCqXEkUUVhXeoo3qCkRpP/vxoHj6ScD66VbbUF6WbPBymoP7Z8muEFBXxP2EdU DlQ0tNv8tsVineFOAKFXmnq1sRN8y5q6CsiOEzYGE1zyt3GcaI+8icU61WyPFSPnbP1wwkv4 6MSmx6HGc2d6qQWjIVfcXaI/QH7d4G9nx/4NvhtM6af96PsVfW5lZQ2i5CB6hKEijMMsB4sL BfvUpRDuBYREFOsNhASd9OFEdNalvnbOeWJqcTvh2F18WJFkaaNT0R74zS2HjCVlOtJ8CbvJ 5M/3oVb1gGXX+l1kQiUdMC493BrcJqMOWnRQ4Kv8bzEERhFYzOA3eSNjQjeHbPFhBR9kQd32 zMoWoUlMTQs7DwpRfBAwahcIllA2sjcvJBD7zsFNBFqE2wkBEAD0vhAUYWoAsyfOWO2ouFU9 n7CjDtLmDoFKiV4JnLvurgHa2dZa8+Wo6F68IVCmWmaQhoBBr55ucjUogCVFlDiL4EnA3B/2 KyU502kfu0pSfDUI7hYYlc1D0RS8N6otEjNAv+0cpUHfMHzP1dUQ4voXCmbI4T/S6cXI5oTz 2NW1jL+MNgkndsq9w/+DNWvCdNoGGSwCFSSp7mEMZiYtrlP9uBZIAHlYfuj2SB1aVUBhNIr2 /ELvR1ozZSmYoucODWleQPPNxOQXpTBBssBCx1wAfGywU0VvTgfu/fbYmaRI6/IyXMUqeoZH nVqujfXByNwsKGTA0FlOxtlv9e2H8I8FXRgcJ/07yjjzLMIbrnQ77QIwI3igUcTo9kOOzXcb X6w7EznxDr9GsTwf6VmntUungmYcH6lLua8oBnums9ZV6PS7ajBbYyqndWJD8IpTpwloyVym b5tJfkWmfX21GPnIecg2cBOgpv3i12fX1My9fnigFikwr28fYjdPkHh9eg8YXROAgc45+Hrd f0eo0Bhhp0yIHdBzanwmBsK5qFieB/WEcydtMzdszRStIEY4E9OUIlz/v8E94sM2NeKwhcyQ F1IHmdb51pnjZWjHQs9tFnDWguYYQq5P+ntqKIjC8bSEnew6llra97ZFqrwusX4mlMbG5Zbs ZrgJEZ7sbsDumwARAQABwsF8BBgBCAAmFiEER1ORfv4Eds6YCh6K8z710UwiOZIFAlqE2wkC GwwFCQeGH4AACgkQ8z710UwiOZLCBRAApqtfcSPM74tTyQITmXUhxxXeundNDb+KVpeY5CsM tnykpor/wU7h8i86346T2gvmB0UZ7LuR3t1Kilx8dhIdPBVBfOYmnlTipnHHKIvRIe0rAVmH +StJaU0Ll4goG3k5B/AiSztClw4UoEMYUAL/5ONu9W80oyr9+lFPIL8o1sVHQwkOxHx+lIiC FsGH8K9FDIyUFjrPGFAExlUN8oou/RblBRqyhUG3OzSKhr/SGzgVNZivCmrf47WhlbMJd3ZS XWuqlUoYD67oGPZISCAEzjhtOBNInaG1bxTmGT4aPC+wpU39DgIVNhfORP0K8OkACTQ7WUFD 6fz+3ww1zeajebO4Fo0qX5p8qj89pQpav2e6YgsyLARFOVw3Y//wJxKo3QMdUrllcj+YWrII uBsLDMowsjVaxAPfrdV2OurI7swyNZwZFv1Olqzi5DWqLgQt5RdsW2R80RxK5eHG+FBbgfcQ hSx/zl0IGeyd4RA1WBNiedXKPiEFdWe2mz3LZi2rbpQ2KQ8qB7Sf5wddAeJA99XAG8rVoRCS DV4OjYi2H6lgZavYOjEtkHaJgOlrB3LxEUABSWl93WqKjco9t+GyLU3sh0jEhBRNqPUm49x7 miuumoH8Tj6MogkJwNy6Dw+IuD5i5Bi5vrq7o16/aCi5J4AVdnkinPum40NFR7qgnU4=
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Sat, 12 May 2018 12:03:41 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lunorian.is; s=dkim; t=1526140999; h=from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-owner:list-unsubscribe:list-subscribe:list-post; bh=4au52O+4qwOVPzTV9RjHaIEsCaqSos8E9xY4Bm6HPWM=; b=PdVmJG77cvryZXSLXs4RQMRyl8QWtHkNwBRmgvHlrs2bDsMir+UHAqPsbq5OPLyXgHrglg D7PXB/xLhE3FPsWOp7BsfryuVL8RArQ3fTt18GrVZTfvp+0CPYMy3elbAD/eHE+FsPdsSW Zt1E5PaLwaRL1I77y9P9I6JOQPp9AoBthps+N5WOJmB9tbF/A5m/MXpHxxqaetenccuyCr rgJhvbOdBZw2YAL/8N8dR+0yCWS05N6zTfUL4ZzZCyspCKVGyqKUUDDwRn4dckLP7eyrrq MAxYxTPgZ+nHoWKrygAyK3EHs7Ik5BjLxQvlvbkBxW0KdV5D6i7MT/4n7qcytA==
- In-reply-to: <f80b56a9-4a23-6688-bee5-c9efd3816222@riseup.net>
- List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
- List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
- List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
- List-post: <mailto:tor-relays@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
- Openpgp: preference=signencrypt
- References: <5e7d99ef-9514-cee4-985f-7f1d4a21dfec@riseup.net> <a518aa08-871d-afaf-819f-6e4bee01fb20@enn.lu> <20180511225406.70cfb3be4d2f8b90525f62c8@dson.org> <20180512045029.fw66k7xz47xluw7j@localhost> <20180512011822.249f6b72cb9bcde30b1e107b@dson.org> <f80b56a9-4a23-6688-bee5-c9efd3816222@riseup.net>
- Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
I don't know how everyone else feels about this - rather than using a
secondary resolver in the event Unbound fails - why not let the query
fail and the user have to try again? Is there any reason to risk letting
a third party resolver possibly log exit node DNS queries?
nusenu:
>
>
> Andrew Deason:
>> An operator may think they're not "using" google's dns because they're
>> pointed at localhost first, and their local resolver is working, so they
>> shouldn't normally be using the fallback so it doesn't matter. Obviously
>> that's not true, otherwise such relays wouldn't be identified in that
>> list :) I imagine it's not _as_ bad as depending on google's dns first,
>> but maybe that is an insignificant difference.
>
> yes there appear to be rather different interpretations as to when
> secondary resolvers (lines coming after the first nameserver line in /etc/resolv.conf)
> are actually contacted.
> So far I can tell it does not only depend on the functioning of the primary
> resolver, but yes I believe it makes a significant difference if you use
> a resolver in the first or secondary position (unless you enabled round-robin).
>
> Next time I measure, I aim to better differentiate what relays use what resolver as primary
> or secondary resolver.
>
>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
- References:
- [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Prev by Author:
Re: [tor-relays] Verizon AS701 blocking Tor consensus server tor26 (86.59.21.38)
- Next by Author:
Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Previous by thread:
Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Next by thread:
Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
- Index(es):