11 May
2018
11 May
'18
1:10 p.m.
On 2018-05-11 14:52, Ralph Seichter wrote:
Assuming you can install whatever software you like, I recommend running your own instance of Unbound on your exit node machines. Current Unbound versions support DNSSEC validation, QNAME minimisation, etc. While using your ISP's resolvers works as a fallback, a local resolver is better and easy enough to set up.
We are currently using Unbound plus 2 ISP name servers in /etc/resolv.conf. I still occasionally see the dreaded "all nameservers have failed" message, even though the latest Tor release has fixes for DNS performance (IIRC). Kind regards, Alexander -- PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB