DNS Caching (not Cash) simple does a normal lookup for an DNS domain requested and remembers it for some period of time so that it can answer from its cache of known addresses in microseconds (instead of the hundreds of milliseconds it might take to inquire over the internet) the next time that address resolution is requested.
All caching software will eventually "forget" and re-inquire, since addresses do change occasionally. But think of that happening once every hour or four.
For example, think of a bitcoin miner setup to mine against a pool, say btc.viabtc.com. The first time the miner asks for work a request is sent to the caching DNS server to resolve btc.viabtc.com. The server, doesn't know who that is so goes upstream to the internet to its forwarding server, lets say 8.8.8.8, to get the answer. That server responds in a, say 150 milliseconds with the answer: 172.65.233.152. The caching server remembers that answer and responds with it to the bitcoin miner who then initiates a connection to 172.64.233.152:3333 (3333 is the port number on the server that responds to work request). About 2 minutes later, the miner will have completed its work and will request more work from btc.viabtc.com - but this time the caching server knows the answer and can respond in a millisecond or less with the answer. So its more efficient...
Not a bit idea of your site has 1 bitcoin miner, but if it a farm, it might have anywhere from 100 to 100,000 bitcoin miners - that difference of 149 milliseconds really adds up.
With regards to "safety", I suppose... maybe. If the google public dns server got hacked and instead of answering with 172.65.233.152 instead answered with 172.65.230.171 (a competitors pool that also runs on port 3333), you would have the hours before the cache expired for google to figure it out and correct things. The "maybe" comes from the timing required. If you caching dns server happened to hit googles dns server when it was corrupted, and google fixed things seconds later, your caching server would continue to respond with the wrong address until the entry expired.
So I'd say "Not really". Hope the above explains why...
On 4/9/2022 7:05 PM, onionize@riseup.net wrote:
Does Cash DNS give some advantages in safety? On 2022-04-08 08:06, Thoughts wrote:
Note that any dns caching software would help, unbound is just one popular one. dnsmasq is another. In fact, if you wanted to, you could use the full bind package and configure it for caching and forwarding, although that would be a bit of overkill. Once you install caching software, make sure your /etc/resolv.conf or equivalent is pointing to 127.0.0.1 as its first reference. On 4/8/2022 2:04 AM, abuse--- via tor-relays wrote:
From my point of view, it's mostly about reliability. You can use the hoster's DNS resolver, but be aware that a high-bandwidth exit asks a lot of DNS requests. Not every hoster's DNS resolver might be able to cope with it and as a result your exit might give users a poor experience.
Best Regards,
Kristian
Apr 8, 2022, 07:20 by onionize@riseup.net:
I was setting up exit nodes and I had a question. Why is it recommended
to use DNS caching software Unbound? What benefits does it provide
compared to using hoster's DNS resolver?
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays