[tor-relays] important DNS tuning for high volume exit relays, fix for Unbound DNS DOS problem

Dhalgren Tor dhalgren.tor at gmail.com
Mon Apr 11 01:07:27 UTC 2016


I believe I now understand the cause of exit relay failure when
Unbound is the resolver and GoDaddy null-routes the exit.

Both to prevent this DOS from taking out your relay if Unbound is
running and to maximize DNS performance:

With a local instance of Unbound running, /etc/resolv.conf should look like

   options timeout:5 attempts:1 max-inflight:16384 max-timeouts:1000000
   nameserver 127.0.0.1

With a local instance of 'named' running, /etc/resolv.conf should look like

   options timeout:5 attempts:2 max-inflight:16384 max-timeouts:1000000
   nameserver 127.0.0.1

Background material for the above recommendations can be found at

https://trac.torproject.org/projects/tor/ticket/18580#comment:11
https://unbound.net/pipermail/unbound-users/2016-April/004301.html
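As an added check (not part of the post above, and not Tor's, Unbound's or BIND's own tooling): a POSIX sh script that verifies a resolv.conf carries the recommended tuning for the local resolver in use. It assumes the option names are read exactly as written above (Tor parses resolv.conf itself through libevent's evdns, which accepts timeout, attempts, max-inflight and max-timeouts); the sample resolv.conf files it writes are constructed for the demonstration, not taken from a real relay.

```shell
#!/bin/sh
# Added example, not from the post: verify that a resolv.conf carries the
# tuning recommended above for the local resolver in use (Unbound or named).
# Assumption: the option names are those Tor's libevent-based resolver (evdns)
# reads from resolv.conf: timeout, attempts, max-inflight, max-timeouts.

# resolv_opt FILE NAME: print the value of NAME:VALUE from the file's
# 'options' lines (the last occurrence wins), or nothing if it is unset.
resolv_opt() {
    awk -v name="$2" '
        $1 == "options" {
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[1] == name) val = kv[2]
            }
        }
        END { if (val != "") print val }
    ' "$1"
}

# resolv_nameservers FILE: print every nameserver address, one per line.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# check_resolv_conf FILE RESOLVER: RESOLVER is "unbound" or "named".
# Returns 0 if FILE matches the post's recommendation for that resolver,
# 1 otherwise (each mismatch is reported on stderr), 2 on a bad argument.
check_resolv_conf() {
    file=$1 resolver=$2 rc=0
    case $resolver in
        unbound) want_attempts=1 ;;   # Unbound: attempts:1
        named)   want_attempts=2 ;;   # named:   attempts:2
        *) echo "unknown resolver: $resolver" >&2; return 2 ;;
    esac
    # The recommended file has exactly one nameserver, the local 127.0.0.1.
    ns_list=$(resolv_nameservers "$file")
    [ "$ns_list" = "127.0.0.1" ] || {
        echo "$file: nameserver line(s) '$ns_list', want only 127.0.0.1" >&2
        rc=1
    }
    for pair in timeout=5 attempts=$want_attempts \
                max-inflight=16384 max-timeouts=1000000; do
        name=${pair%%=*} want=${pair#*=}
        got=$(resolv_opt "$file" "$name")
        [ "$got" = "$want" ] || {
            echo "$file: $name is '${got:-unset}', want $want" >&2
            rc=1
        }
    done
    return $rc
}

# write_samples DIR: constructed sample files (not real relay configs).
write_samples() {
    # tuned for Unbound, as recommended in the post
    printf '%s\n' \
        'options timeout:5 attempts:1 max-inflight:16384 max-timeouts:1000000' \
        'nameserver 127.0.0.1' > "$1/unbound.conf"
    # tuned for named, as recommended in the post
    printf '%s\n' \
        'options timeout:5 attempts:2 max-inflight:16384 max-timeouts:1000000' \
        'nameserver 127.0.0.1' > "$1/named.conf"
    # an untuned default pointing at a remote resolver (192.0.2.1 is TEST-NET-1)
    printf '%s\n' 'nameserver 192.0.2.1' > "$1/default.conf"
}

# Stand-alone run: check each sample against the resolver it is meant for.
TMP=$(mktemp -d)
write_samples "$TMP"
for pair in unbound.conf=unbound named.conf=named default.conf=unbound; do
    f=${pair%%=*} r=${pair#*=}
    if check_resolv_conf "$TMP/$f" "$r"; then
        echo "$f: matches the $r recommendation"
    else
        echo "$f: needs tuning for $r"
    fi
done
rm -rf "$TMP"
```

On a live relay, run `check_resolv_conf /etc/resolv.conf unbound` (or `named`) after editing the file; a non-zero exit with the reasons on stderr means the tuning is not in place. The check only looks at the file, so it will not tell you whether the local resolver is actually listening on 127.0.0.1; confirm that separately.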

