[tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

Jesse V kernelcorn at riseup.net
Mon Dec 21 01:11:45 UTC 2015


On 12/20/2015 03:47 PM, Green Dream wrote:
>> Weasel and velope on #tor-project suggested that I remove DNSCrypt
>> entirely and let Unbound be a recursive resolver against the root DNS
>> servers, which I have now done. 
> 
> Jesse would you mind sharing how you configured this?

Certainly. My configuration files are here:
https://gist.github.com/Jesse-V/66fe794bf1b9e4ccf852

Unbound does most of the hard work already and by default queries
authoritative DNS servers. My configuration is based on the manpage,
Fedora's default Unbound configuration, and the optimization suggestions
on the Arch wiki. However, the Gist above is for Ubuntu 14.04, so feel
free to merge and adapt it with your distribution.

I just realized that the word "Unbound" is the opposite of "BIND", the
default DNS software. How clever of them.

-- 
Jesse V
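
The setup described in the message above (Unbound resolving recursively with no upstream forwarder) can be sketched as the following unbound.conf. This is an added example, not part of the original post and not the contents of the linked Gist; the file path and trust-anchor path are assumptions based on common Debian/Ubuntu packaging.

```conf
# /etc/unbound/unbound.conf  (constructed example; path assumed)
server:
    # Listen on loopback only, so the resolver serves the local Tor
    # process and is never reachable as an open resolver.
    interface: 127.0.0.1
    interface: ::1
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # DNSSEC validation. Trust-anchor location is an assumption;
    # use the path your distribution's package maintains.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-glue: yes
    harden-dnssec-stripped: yes
    harden-below-nxdomain: yes

    # Do not answer id.server / version.server queries.
    hide-identity: yes
    hide-version: yes

    # Refresh popular cache entries before they expire.
    prefetch: yes

# Deliberately no "forward-zone:" stanza. Without one, Unbound walks
# the delegation chain from the root servers itself, so no third-party
# resolver sees the exit's full query stream.
```

The system resolver then has to point at this instance (`nameserver 127.0.0.1` in /etc/resolv.conf), and `unbound-checkconf` validates the file before a restart.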
