[tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

Cristian Consonni kikkocristian at gmail.com
Tue Dec 22 00:46:38 UTC 2015


2015-12-20 17:21 GMT+01:00 Remi Gacogne <listes+tor-relays at valombre.net>:
>> On the other hand, I would say using a local DNS cache can increase both
>> your relay's performance and perhaps offers a slight privacy gain to tor
>> clients, given that a cached DNS response will be served directly to a
>> tor client rather than querying an external resolver for the 2nd time.
>
> Note that, whenever possible, Tor relay operators using a local DNS
> resolver should enable qname minimisation [1], so that the resolver only
> sends to the authoritative servers what they need to know to respond.
> Support for qname minimisation has recently been added in unbound [2]
> 1.5.7, and is planned in the future Knot resolver [3].
>
> [1]: https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08
> [2]: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=648
> [3]: https://github.com/CZ-NIC/knot-resolver

It should be noted that on Debian unbound is v. 1.4.17 and support for
qname minimisation has been added in v. 1.5.7.

C
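
A check for the version gap noted in this thread, as an added example that is not part of the original post: it compares an installed Unbound package version against 1.5.7 and looks for an explicit `qname-minimisation: yes` line in the config file it is given. The function names, the sample version strings and the status words are assumptions made for this example; includes in the config are not followed.

```shell
#!/bin/sh
# Added example: can this Unbound do qname minimisation, and is it switched on?
MIN_VERSION="1.5.7"   # first release with qname minimisation, per the thread

# upstream_version "1.4.17-3+deb7u2" -> "1.4.17" (drops epoch and package revision)
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%-*}"
}

# version_ge A B: succeeds when dotted version A >= B, compared field by field.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # "7rc1" -> "7"
        x=${x:-0}; y=${y:-0}               # missing field counts as 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# qmin_status PKG_VERSION CONF_FILE prints one of:
#   unsupported  version predates 1.5.7, the option cannot be used
#   enabled      an uncommented "qname-minimisation: yes" is present
#   not-set      version is new enough but the config does not enable it explicitly
qmin_status() {
    ver=$(upstream_version "$1")
    if ! version_ge "$ver" "$MIN_VERSION"; then
        echo "unsupported"
        return 0
    fi
    if grep -Eq '^[[:space:]]*qname-minimisation:[[:space:]]*yes' "$2" 2>/dev/null; then
        echo "enabled"
    else
        echo "not-set"
    fi
}

# Demo with constructed version strings; on Debian the real one can be read with
#   dpkg-query -W -f='${Version}' unbound
qmin_status "1.4.17-3" /dev/null   # the Debian version mentioned in the thread
qmin_status "1.5.7-1" /dev/null    # constructed: new enough, empty config
```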

