On 09.04.18 13:10, nusenu wrote:
I recommend a local caching unbound (https://unbound.net/) DNS resolver without using an upstream DNS forwarder.
No forwarders indeed. Additionally, I recommend the following settings in the unbound.conf of Tor exits:
# Disable logging. log-queries: no log-replies: no
# Sent minimum amount of information to upstream servers to enhance # privacy. Only sent minimum required labels of the QNAME and set # QTYPE to NS when possible. qname-minimisation: yes
# If yes, Unbound doesn't insert authority/additional sections # into response messages when those sections are not required. minimal-responses: yes
Logging might be disabled as a default depending on how your Unbound was built, but I like to make certain.
-Ralph