I was wondering about how beneficial DNS Crypt or DNS Privacy would be for relays. Is anyone using any kind of encryption for their DNS queries on their relay?
https://networkfilter.blogspot.com/2017/04/be-your-own-vpn-provider-with-ope... shows how to set up multiple dnscrypt proxies on openbsd for redundancy (with a local instance of unbound as well). Any benefit to doing something like this?
Regards Chuck
On 08/06/2017 10:47 PM, Philipp Winter wrote:
On Sun, Aug 06, 2017 at 04:03:53PM -0400, Dennis Emory Hannon wrote:
Guide is meant for debian/linux users http://backplanedns.org/TOR_exit_dns_resolver_howto.htm
I think the solution to Google seeing so many DNS requests is more nuanced. A single organisation seeing that many request is certainly problematic but so is random ASs on the Internet seeing the same requests -- which is what happens when you resolve a domain name on the exit relay. We also want low query latency and integrity, which Google's resolver happens to be good at.
While we can quantify all these properties, there is no easy way to compare them against each other. Do you prefer an exit relay that uses Google or one that exposes your queries to numerous ASs, and is also more likely to be poisoned?
On a more optimistic note, the DNS privacy project is doing some promising work that exit relays may benefit from: https://dnsprivacy.org _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays