[tor-relays] Reminder: exit nodes probably shouldn't be using Google's DNS servers

Libertas libertas at mykolab.com
Thu Jan 8 16:32:21 UTC 2015


On 01/08/2015 11:21 AM, Toralf Förster wrote:
> On 01/08/2015 05:07 PM, Libertas wrote:
>> And add 'nameserver 127.0.0.1' as the first line of your
>> /etc/resolv.conf.tail 
> 
> Why not /etc/resolv.conf.head ??
> 

I was actually just looking into this, and it strangely seems that
OpenBSD doesn't have one. You're right, too - as far as I know, if
you're using DHCP (which is indeed an 'if' in the context of servers),
the dynamic nameserver settings will override resolv.conf.tail's.

That said, you can find dhclient.conf one-liners to set a permanent
primary DNS server on IRC or your search engine of choice. I haven't
tested any (and I don't need any, having a static IP), so I won't
copy-and-paste any here.

I also can't find any mention of resolv.conf.head in the OpenBSD source
code, or any reason online for why it doesn't exist, so I may write a patch.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20150108/00d55f92/attachment-0001.sig>


More information about the tor-relays mailing list