[tor-relays] Boosting throughput with own DNS resolvers

Tim Semeijn noc at babylon.network
Sun Jul 19 21:04:44 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I will give running the pdns-recursor locally on the nodes a shot
later the coming week. Probably can squeeze some more throughput out
of it.

Good tips/tweaks!

On 7/19/15 10:52 PM, Tom van der Woerdt wrote:
> Tim Semeijn schreef op 19/07/15 om 22:47:
>> Recently I noticed my Tor Exit nodes were showing nameserver
>> errors in the tor log and I decided to set up two private DNS
>> resolvers (pdns-recursor). Since I use those I have seen an
>> increase of traffic throughput on my Exit nodes to approx. 150%.
>> I feel I am finally utilizing the resources available.
>> 
>> All bigger Tor relay operators will probably already do it this
>> way, but as I myself have long been using Google DNS or other
>> privacy-aware DNS resolvers on my nodes I just wanted to throw
>> this out in the open.
>> 
>> How many of you are already using private DNS resolvers for your 
>> nodes? Any feedback/ideas about this?
>> 
>> - -- Tim Semeijn Babylon Network pgp 0x5B8A4DDF
> 
> All my exits run with pdns-recursor installed, because I don't want
> to be uploading people's DNS data to Google's search indexer :-)
> 
> I applied some tweaks to Tor and pdns :
> 
> * Disable DNS randomization (torrc: ServerDNSRandomizeCase 0) *
> Disable pdns packetcache (doesn't help much) and allow caching a
> LOT of records in the normal cache :
> 
> # recursor.conf disable-packetcache max-cache-entries=3000000 
> max-cache-ttl=86400
> 
> * Tor's DNS logic is a bit nasty at times... Adding your DNS server
> to resolv.conf twice helps :
> 
> # /etc/resolv.conf options timeout:3 nameserver 127.0.0.1 
> nameserver 127.0.0.2
> 
> Tom
> 
> 
> 
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

- -- 
Tim Semeijn
Babylon Network
pgp 0x5B8A4DDF
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJVrBDsAAoJEIZioqpbik3fCFUP/jMLYGf46KLNeIfWlXixoAhw
/VLg5KGDNLat53+Xe/KOvNi0UOgQ1SLbq8S4T6tESVV4BsuvuudQEHUGSxCdTDC5
uh1HRd+HkXMqPearc75S7LSgP5rTs6kINlJWP0SSrNa14+c1K3dqK58NxNhd2TlC
X7AU/Vn5+UG4wB95hzVYmb31IPjWod2MMlTKtKroQX36ueLODQXwk7Bx6AtFWSBl
rkE8PNsP7O3DZP0pDaczF5u4STr5iOwpYnY7Z/XyJoj3MmGX/qCuWG2WZq2b6ehX
qcwPmnkOBlz6JrJODvW8Bhm0b/+esZokb848Avu77yyX1KakY57f+tJIbeOR3YWZ
aANrstfZuWxRu72knyHHhh6e58I45cjy8MmBzv0HxS7HXWvQW8dw+1eEtytjECOQ
OepWAV/qlo+5BRAg0U8D9bKXQPv4XBLKXR3JqlFO7lIEUYknaijqd9uLH4Yj8dEC
3Z3rcSr8Co1aAjzzAJWMM+Z/mH3D9TmCmJ0srLmt3ERY1zQGCwlUoByDRFGPg4kU
jI3gvjl1YWGnSC6+P5oc8AeA6bdeJq8ZqbhB2ITVJ5Dw/C/jvi7mx+gWvZaWkRx7
MaF+qcD/jVSXmwdeiXUEJQV8R2EDIeEkkEpQ2KCJKdJlwDsogG9qvwKXrhDwHc85
B1+sQ+MdWn+cC8z83lMv
=V+zF
-----END PGP SIGNATURE-----


More information about the tor-relays mailing list