[tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

Chuck McAndrew chuck.mcandrew at leblibrary.com
Mon Aug 7 17:04:27 UTC 2017


I was wondering about how beneficial DNS Crypt or DNS Privacy would be
for relays. Is anyone using any kind of encryption for their DNS queries
on their relay?

https://networkfilter.blogspot.com/2017/04/be-your-own-vpn-provider-with-openbsd-v2.html#dns
shows how to set up multiple dnscrypt proxies on OpenBSD for redundancy
(with a local instance of unbound as well). Any benefit to doing
something like this?

Regards
Chuck

On 08/06/2017 10:47 PM, Philipp Winter wrote:
> On Sun, Aug 06, 2017 at 04:03:53PM -0400, Dennis Emory Hannon wrote:
>> Guide is meant for debian/linux users
>> http://backplanedns.org/TOR_exit_dns_resolver_howto.htm
> 
> I think the solution to Google seeing so many DNS requests is more
> nuanced.  A single organisation seeing that many requests is certainly
> problematic but so are random ASs on the Internet seeing the same
> requests -- which is what happens when you resolve a domain name on the
> exit relay.  We also want low query latency and integrity, which
> Google's resolver happens to be good at.
> 
> While we can quantify all these properties, there is no easy way to
> compare them against each other.  Do you prefer an exit relay that uses
> Google or one that exposes your queries to numerous ASs, and is also
> more likely to be poisoned?
> 
> On a more optimistic note, the DNS privacy project is doing some
> promising work that exit relays may benefit from:
> <https://dnsprivacy.org>

