
Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?



On 10/16/2016 04:54 PM, Petrusko wrote:
> Thx for this share.
> 
> But I'm not sure how Unbound is "speaking" with the root DNS servers...
> Somewhere I've read that DNS queries can be forwarded by a "man in the
> middle", and the server operator can't be sure about this :s
> An ISP is able to do it with your "private server" hosted behind your
> ISP's router...
> 
> I see DNSSEC to encrypt DNS queries from a client to a server, but for
> sure it's not possible to use it with root DNS servers...

My VPS host uses 8.8.8.8 for DNS by default. I think it's configured in
their DHCP settings or something because 8.8.8.8 will end up in
/etc/resolv.conf every time the VPS restarts. Consequently, I have to
keep an eye on /etc/resolv.conf to ensure that it always points to my
Unbound instance. I take immediate action if this is not the case.

The dnscrypt repository on GitHub has a list of public DNS servers. I
point my Unbound instance at one of them and I give Unbound as much RAM
as I can to ensure that it caches as much as possible. In this way, I
can reduce the frequency of lookups to external servers. I have had
limited success with DNSSEC. I eventually had to disable it because too
many requests were failing (including torproject.org) and I was not able
to correct the issue. DNSCrypt works just fine though if you can find a
server that supports it.

-- 
Jesse

Attachment: signature.asc
Description: OpenPGP digital signature
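
The manual check described in the message above (watching that /etc/resolv.conf still points at the local Unbound after the host's DHCP rewrites it), as an added example that is not part of the original message. It assumes Unbound listens on loopback; the function name `resolv_drift` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect /etc/resolv.conf drifting away from a local Unbound.
# Assumption: Unbound listens on loopback; edit ALLOWED if yours does not.
ALLOWED="127.0.0.1 ::1"

# resolv_drift [FILE]
# Prints every nameserver in FILE that is not in ALLOWED, one per line.
# Returns 0 if all nameservers are allowed, 1 on drift,
# 2 if FILE is unreadable or contains no nameserver line.
resolv_drift() {
    file=${1:-/etc/resolv.conf}
    [ -r "$file" ] || return 2
    # Drop comments (# or ;), then keep the address of each nameserver line.
    servers=$(sed -e 's/[#;].*$//' "$file" |
        awk '$1 == "nameserver" && NF >= 2 { print $2 }')
    [ -n "$servers" ] || return 2
    bad=0
    for s in $servers; do
        case " $ALLOWED " in
            *" $s "*) ;;                 # expected local resolver
            *) echo "$s"; bad=1 ;;       # e.g. 8.8.8.8 pushed by DHCP
        esac
    done
    return "$bad"
}

# Constructed sample: the file after a DHCP client has rewritten it.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'nameserver 8.8.8.8' \
    'nameserver 127.0.0.1' > "$sample"

rc=0
drift=$(resolv_drift "$sample") || rc=$?
case $rc in
    0) echo "ok: only the local resolver is configured" ;;
    1) echo "DRIFT: unexpected nameserver(s): $drift" ;;
    *) echo "error: no readable nameserver entries" ;;
esac
rm -f "$sample"
```

Run against the real file from cron or a systemd timer, the non-zero exit status can drive an alert.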

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays