[tor-relays] Please need urgent help with the DNS resolver of a fast exit relay

s7r at sky-ip.org s7r at sky-ip.org
Thu Apr 24 16:20:37 UTC 2014

Hash: SHA256


The servers from my ISP are not stable or good enough to handle the
traffic for this Tor exit router.

I get this in the log very often:
Apr 24 15:14:07.000 [notice] Circuit handshake stats since last time:
91633/91636 TAP, 15962/15962 NTor.
Apr 24 17:40:45.000 [warn] eventdns: All nameservers have failed
Apr 24 17:40:45.000 [notice] eventdns: Nameserver <ip>:53 is back up

Both nameservers fail and come back after 1 second, or less.

I don't know what impact will this have on the exit node. Is it any
problem at all?

I have decided also to setup my own DNS resolver and not use the ones
from ISP, so I have installed named.

What I need help is, for your someone to tell me exactly how do i have
to edit named.conf in order to:

1. Enable DNSSEC, for the clients who want to use it. Not make it a
requirement, just enable it and prefer it over normal DNS if and when

2. Be able to resolve all TLDs as described here:

Now I can clearly understand the message from that post but there is
no instruction anywhere about how to do it, those links for Alt Roots
are broken. Is this a requirement? Who needs to resolve silly TLDs not
supported by IANA / ICANN anyway?

3. Cache the records for as long as possible - my relay is already
using a lot of traffic so I have to spare as much as I can.

Please provide me with a good named.conf and description of settings
so I can properly configure a good DNS resolver for my relay.

Thank you in advance!
Version: GnuPG v2.0.17 (MingW32)


More information about the tor-relays mailing list