Hi,
The servers from my ISP are not stable or good enough to handle the traffic for this Tor exit router.
I get this in the log very often:
Apr 24 15:14:07.000 [notice] Circuit handshake stats since last time: 91633/91636 TAP, 15962/15962 NTor.
Apr 24 17:40:45.000 [warn] eventdns: All nameservers have failed
Apr 24 17:40:45.000 [notice] eventdns: Nameserver <ip>:53 is back up
Both nameservers fail and come back after 1 second, or less.
I don't know what impact this will have on the exit node. Is it any problem at all?
I have also decided to set up my own DNS resolver and not use the ones from my ISP, so I have installed named.
What I need help with is for someone to tell me exactly how I have to edit named.conf in order to:
1. Enable DNSSEC, for the clients who want to use it. Not make it a requirement, just enable it and prefer it over normal DNS if and when possible.
2. Be able to resolve all TLDs as described here: https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver#DNSResolverSer...
Now I can clearly understand the message from that post, but there is no instruction anywhere about how to do it; those links for Alt Roots are broken. Is this a requirement? Who needs to resolve silly TLDs not supported by IANA / ICANN anyway?
3. Cache the records for as long as possible - my relay is already using a lot of traffic so I have to spare as much as I can.
Please provide me with a good named.conf and description of settings so I can properly configure a good DNS resolver for my relay.
Thank you in advance!
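
Added example, not part of the original post: a Python script that pairs each "All nameservers have failed" warning with the next "is back up" notice in a Tor log, to measure how long each resolver outage actually lasted. The sample log, the 192.0.2.x addresses, the year and the 5-second threshold are assumptions made for illustration.

```python
import re
from datetime import datetime

ASSUMED_YEAR = 2016  # assumption: Tor log timestamps carry no year
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d\.\d{3}) \[(\w+)\] (.*)$")
FAILED = "eventdns: All nameservers have failed"
BACK_UP_RE = re.compile(r"eventdns: Nameserver (\S+) is back up")

# Constructed sample: the first three lines follow the post, with a
# documentation-range address in place of <ip>; the rest are made up.
SAMPLE_LOG = """\
Apr 24 15:14:07.000 [notice] Circuit handshake stats since last time: 91633/91636 TAP, 15962/15962 NTor.
Apr 24 17:40:45.000 [warn] eventdns: All nameservers have failed
Apr 24 17:40:45.000 [notice] eventdns: Nameserver 192.0.2.53:53 is back up
Apr 24 18:02:10.000 [warn] eventdns: All nameservers have failed
Apr 24 18:02:22.000 [notice] eventdns: Nameserver 192.0.2.54:53 is back up
Apr 24 19:30:00.000 [warn] eventdns: All nameservers have failed
""".splitlines()

def dns_outages(lines, year=ASSUMED_YEAR):
    """Return (start, seconds_down, first_recovered_nameserver) per outage."""
    outages, down_since = [], None
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a Tor log line
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
        msg = m.group(3)
        if msg.startswith(FAILED):
            if down_since is None:  # keep the earliest failure of a run
                down_since = when
        elif down_since is not None:
            back = BACK_UP_RE.match(msg)
            if back:
                secs = (when - down_since).total_seconds()
                outages.append((down_since, secs, back.group(1)))
                down_since = None
    if down_since is not None:  # log ended while every resolver was down
        outages.append((down_since, None, None))
    return outages

def summarize(outages, threshold_s=5.0):
    """Count outages, unrecovered ones, and those longer than threshold_s."""
    closed = [secs for _, secs, _ in outages if secs is not None]
    return {"outages": len(outages), "unrecovered": len(outages) - len(closed),
            "longest_s": max(closed, default=0.0),
            "over_threshold": sum(1 for s in closed if s > threshold_s)}

if __name__ == "__main__":
    print(summarize(dns_outages(SAMPLE_LOG)))
```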