Hey all,

I've spent a good part of the fall learning about Tor, and I'm excited to start contributing as a relay operator.

DNS seems to be a significant point of confusion. I posted about this a few weeks back (https://forum.torproject.org/t/best-practices-for-dns-local-vs-external-resolver/20803) and got a helpful response from NTH, but there still seems to be uncertainty around DNS performance.

That inspired me to run some tests that might help current and future operators set up more reliable and private DNS. My plan is to run three separate hosts with identical OS/resources and torrc configs, but with different DNS setups based on the three most commonly recommended configurations:

• Node 1: Runs a local Unbound server using itself as the resolver - only contacting recursive resolvers from the node.
• Node 2: Runs an Unbound server on an external IP used by the relay as an upstream resolver, ensuring queries aren't made over a Tor IP.
• Node 3: Uses the ISP's local DNS configuration (no changes from the “out-of-the-box” setup).

Is there another configuration worth testing that I haven't listed here? Have anyone here conducting similar testing? Feel free to email me directly.

I still need to get more comfortable with Prometheus and Tor metrics before I feel ready to run the nodes, so in the meantime I'd really appreciate hearing your thoughts on this kind of contribution.

Happy December 1st everyone.

Riley