[tor-relays] Boosting throughput with own DNS resolvers

Tom van der Woerdt info at tvdw.eu
Sun Jul 19 20:52:32 UTC 2015


Tim Semeijn wrote on 19/07/15 at 22:47:
> Recently I noticed my Tor Exit nodes were showing nameserver errors in
> the tor log and I decided to set up two private DNS resolvers
> (pdns-recursor). Since I use those I have seen an increase of traffic
> throughput on my Exit nodes to approx. 150%. I feel I am finally
> utilizing the resources available.
>
> All bigger Tor relay operators will probably already do it this way,
> but as I myself have long been using Google DNS or other privacy-aware
> DNS resolvers on my nodes I just wanted to throw this out in the open.
>
> How many of you are already using private DNS resolvers for your
> nodes? Any feedback/ideas about this?
>
> - --
> Tim Semeijn
> Babylon Network
> pgp 0x5B8A4DDF

All my exits run with pdns-recursor installed, because I don't want to 
be uploading people's DNS data to Google's search indexer :-)

I applied some tweaks to Tor and pdns :

  * Disable DNS randomization (torrc: ServerDNSRandomizeCase 0)
  * Disable pdns packetcache (doesn't help much) and allow caching a LOT
    of records in the normal cache:

     # recursor.conf
     disable-packetcache
     max-cache-entries=3000000
     max-cache-ttl=86400

  * Tor's DNS logic is a bit nasty at times... Adding your DNS server to
    resolv.conf twice helps:

     # /etc/resolv.conf
     options timeout:3
     nameserver 127.0.0.1
     nameserver 127.0.0.2

Tom
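
An added example, not part of Tom's message or of Tor or pdns: a small Python audit that parses resolv.conf and torrc text and reports whether an exit's lookups go only to loopback resolvers. The sample inputs are constructed from the settings in the post, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample inputs that mirror the settings quoted in the post.
RESOLV_CONF = """\
# /etc/resolv.conf
options timeout:3
nameserver 127.0.0.1
nameserver 127.0.0.2
"""
TORRC = "ORPort 9001\nServerDNSRandomizeCase 0\n"

def parse_resolv_conf(text):
    """Return (nameserver addresses, options dict) from resolv.conf text."""
    servers, options = [], {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or line[0] in "#;":   # comment marker in first column
            continue
        if fields[0] == "nameserver" and len(fields) > 1:
            # Raises ValueError on a malformed address, which is worth seeing.
            servers.append(ipaddress.ip_address(fields[1]))
        elif fields[0] == "options":
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                options[name] = value
    return servers, options

def torrc_option(text, key):
    """Value of the last occurrence of a torrc option, or None if unset."""
    value = None
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) == 2 and fields[0].lower() == key.lower():
            value = fields[1].strip()
    return value

def audit(resolv_text, torrc_text):
    """Summarize where an exit's DNS lookups go (hypothetical helper)."""
    servers, options = parse_resolv_conf(resolv_text)
    return {
        "nameservers": [str(s) for s in servers],
        # Non-loopback entries hand exit users' lookups to another host.
        "external_resolvers": [str(s) for s in servers if not s.is_loopback],
        "timeout": options.get("timeout"),
        "randomize_case": torrc_option(torrc_text, "ServerDNSRandomizeCase"),
    }

if __name__ == "__main__":
    print(audit(RESOLV_CONF, TORRC))
```

An empty `external_resolvers` list means every configured nameserver is on the 127.0.0.0/8 or ::1 loopback range, which is the case for both entries in the resolv.conf above.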
