[tor-relays] Strange difference between rx and tx traffic
David S
ds at bitmail.cc
Tue Sep 27 18:03:30 UTC 2016
On 09/27/2016 04:39 PM, pa011 wrote:
> Yes I know Tristan -Thank you for reminding (a quick good tutorial would make change easier)
here's just an example how i have it setup:
on ubuntu: apt install unbound dnscrypt-proxy
add this to /etc/rc.local:
/usr/sbin/dnscrypt-proxy -a 127.0.0.1:40 -u _dnscrypt-proxy -d -l
/dev/null -R dnscrypt.eu-nl
/usr/sbin/dnscrypt-proxy -a 127.0.0.1:41 -u _dnscrypt-proxy -d -l
/dev/null -R dnscrypt.org-fr
/usr/sbin/dnscrypt-proxy -a 127.0.0.1:42 -u _dnscrypt-proxy -d -l
/dev/null -R dnscrypt.eu-dk
edit /etc/unbound/unbound.conf:
server:
interface: 127.0.0.1
do-ip6: no
verbosity: 1
do-not-query-localhost: no
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
hide-identity: yes
hide-version: yes
auto-trust-anchor-file: "/var/lib/unbound/root.key"
# get a fresh copy from time to time from here:
# ftp://FTP.INTERNIC.NET/domain/named.cache
root-hints: "/var/lib/unbound/root.hints"
remote-control:
control-enable: yes
control-use-cert: no
control-interface: /var/run/unbound.sock
forward-zone:
name: "."
forward-addr: 127.0.0.1 at 40 # dnscrypt-proxy
forward-addr: 127.0.0.1 at 41 # dnscrypt-proxy 2
forward-addr: 127.0.0.1 at 42 # dnscrypt-proxy 3
change your /etc/resolv.conf:
nameserver 127.0.0.1
for unbound: "auto-trust-anchor-file" and "auto-trust-anchor-file" is
for enabling DNSSEC. it's optional. you'd have to fetch the file
root-hints. "unbound-anchor" can take care of the auto-trust-anchor-file.
More information about the tor-relays
mailing list