[tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

Remi Gacogne listes+tor-relays at valombre.net
Sun Dec 20 16:21:39 UTC 2015


> On the other hand, I would say using a local DNS cache can increase both
> your relay's performance and perhaps offers a slight privacy gain to tor
> clients, given that a cached DNS response will be served directly to a
> tor client rather than querying an external resolver for the 2nd time.

Note that, whenever possible, Tor relay operators using a local DNS
resolver should enable qname minimisation [1], so that the resolver only
sends to the authoritative servers what they need to know to respond.
Support for qname minimisation has recently been added in unbound [2]
1.5.7, and is planned in the future Knot resolver [3].

[1]: https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08
[2]: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=648
[3]: https://github.com/CZ-NIC/knot-resolver
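
What qname minimisation changes on the wire, as an added illustration that is not part of the original message: a small Python model of an iterative lookup, listing which name each authoritative server is asked for with and without minimisation. The hostname and delegation chain are constructed sample data, and the minimised queries use QTYPE NS as described in the draft [1].

```python
# Model of an iterative DNS lookup: which QNAME/QTYPE does each zone's
# authoritative server see? Constructed sample data, no network access.

# Assumed zone cuts (delegation points) for the sample name.
CUTS = {".", "org.", "example.org."}
QNAME = "www.sub.example.org."   # hypothetical name looked up for a client

def ancestors(qname):
    """'www.example.org.' -> ['org.', 'example.org.', 'www.example.org.']"""
    parts = qname.rstrip(".").split(".")
    return [".".join(parts[i:]) + "." for i in range(len(parts) - 1, -1, -1)]

def queries_seen(qname, qtype, zone_cuts, minimise):
    """Return [(zone_asked, qname_sent, qtype_sent), ...] from the root down."""
    seen, zone = [], "."
    for name in ancestors(qname):
        final = name == qname
        if minimise:
            # Ask the deepest known zone for one more label only; the
            # original QTYPE is revealed only with the full name.
            seen.append((zone, name, qtype if final else "NS"))
        if name in zone_cuts and not final:
            if not minimise:
                # Classic resolver: the referral is obtained by sending
                # the full question to the parent zone.
                seen.append((zone, qname, qtype))
            zone = name              # follow the delegation
    if not minimise:
        seen.append((zone, qname, qtype))
    return seen

def names_learned(seen, zone):
    """Set of names that the servers of `zone` were asked about."""
    return {q for z, q, _ in seen if z == zone}

if __name__ == "__main__":
    for mode in (False, True):
        print("minimise =", mode)
        for zone, q, t in queries_seen(QNAME, "A", CUTS, mode):
            print(f"  to {zone:<13} {q} {t}")
```

In unbound the behaviour is switched on with `qname-minimisation: yes` in the `server:` section of unbound.conf.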

