Hello,
I am looking for instructions on how to configure dnsmasq on a Debian exit relay (in order to cache DNS queries).
It looks like this package could introduce vulnerabilities if not handled properly, because it provides more than just a local DNS cache.
If I had to install it without any advice, I would do this:
1) Install the dnsmasq package with the command "aptitude install dnsmasq".
2) Make sure that the first line of the file /etc/resolv.conf is "nameserver 127.0.0.1" (see https://wiki.debian.org/HowTo/dnsmasq#Local_Caching ).
3) Make sure that the file /etc/dnsmasq.conf contains the line "listen-address=127.0.0.1" (to restrict dnsmasq to the local system).
4) Set the cache size to 10000 by adding or editing this line "cache-size=10000" in the file /etc/dnsmasq.conf (as suggested by Igor Mitrofanov here https://lists.torproject.org/pipermail/tor-relays/2017-August/012708.html ).
5) Reboot (is it necessary?).
Does anyone think that this procedure could start a daemon listening on a port of my server? Or is it safe to do this on my exit relay?
Regards
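
Added example, not part of the original message: a shell sketch that checks the settings from steps 2 to 4 and lists any port-53 socket bound outside loopback, which is the check behind the closing question. The function names are hypothetical, and the sample files and `ss` lines are constructed (192.0.2.x are documentation addresses).

```shell
#!/bin/sh
# Added example: checks for steps 2-4 of the post plus a listening-socket check.

# First "nameserver" entry of a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# All values of one dnsmasq option (comments stripped, comma lists split).
conf_values() {
    awk -F= -v key="$1" '
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }
        $1 == key { n = split($2, v, ","); for (i = 1; i <= n; i++) print v[i] }
    ' "$2"
}

# Succeeds only if listen-address is set and every value is a loopback address.
listen_is_loopback_only() {
    vals=$(conf_values listen-address "$1")
    [ -n "$vals" ] || return 1
    for a in $vals; do
        case "$a" in 127.*|::1) ;; *) return 1 ;; esac
    done
}

# Reads "ss -H -lntu" output on stdin; prints port-53 sockets not bound to loopback.
exposed_dns_sockets() {
    awk '$5 ~ /:53$/ && $5 !~ /^(127\.|\[::1\])/ { print $1, $5 }'
}

# Constructed sample inputs so the script runs offline.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# constructed' 'nameserver 127.0.0.1' 'nameserver 192.0.2.53' > "$demo/resolv.conf"
printf '%s\n' 'listen-address=127.0.0.1  # loopback only' 'cache-size=10000' > "$demo/dnsmasq.conf"
SS_SAMPLE='udp UNCONN 0 0  127.0.0.1:53 0.0.0.0:*
tcp LISTEN 0 32 127.0.0.1:53 0.0.0.0:*
tcp LISTEN 0 32 0.0.0.0:53   0.0.0.0:*'

echo "first nameserver: $(first_nameserver "$demo/resolv.conf")"
echo "cache-size:       $(conf_values cache-size "$demo/dnsmasq.conf")"
listen_is_loopback_only "$demo/dnsmasq.conf" && echo "listen-address:   loopback only"
echo "exposed DNS sockets in sample: $(printf '%s\n' "$SS_SAMPLE" | exposed_dns_sockets)"
# On the relay itself: ss -H -lntu | exposed_dns_sockets
```

Run against the real files by passing /etc/resolv.conf and /etc/dnsmasq.conf to the functions; an empty result from `exposed_dns_sockets` means nothing on port 53 is bound outside loopback.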