-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
I will give running the pdns-recursor locally on the nodes a shot later the coming week. Probably can squeeze some more throughput out of it.
Good tips/tweaks!
On 7/19/15 10:52 PM, Tom van der Woerdt wrote:
Tim Semeijn schreef op 19/07/15 om 22:47:
Recently I noticed my Tor Exit nodes were showing nameserver errors in the tor log and I decided to set up two private DNS resolvers (pdns-recursor). Since I use those I have seen an increase of traffic throughput on my Exit nodes to approx. 150%. I feel I am finally utilizing the resources available.
All bigger Tor relay operators will probably already do it this way, but as I myself have long been using Google DNS or other privacy-aware DNS resolvers on my nodes I just wanted to throw this out in the open.
How many of you are already using private DNS resolvers for your nodes? Any feedback/ideas about this?
- -- Tim Semeijn Babylon Network pgp 0x5B8A4DDF
All my exits run with pdns-recursor installed, because I don't want to be uploading people's DNS data to Google's search indexer :-)
I applied some tweaks to Tor and pdns :
- Disable DNS randomization (torrc: ServerDNSRandomizeCase 0) *
Disable pdns packetcache (doesn't help much) and allow caching a LOT of records in the normal cache :
# recursor.conf disable-packetcache max-cache-entries=3000000 max-cache-ttl=86400
- Tor's DNS logic is a bit nasty at times... Adding your DNS server
to resolv.conf twice helps :
# /etc/resolv.conf options timeout:3 nameserver 127.0.0.1 nameserver 127.0.0.2
Tom
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
- -- Tim Semeijn Babylon Network pgp 0x5B8A4DDF