[tor-relays] dnsmasq configuration for an exit relay (Debian)

Toralf Förster toralf.foerster at gmx.de
Sun Oct 8 07:47:27 UTC 2017



On 10/08/2017 05:41 AM, Igor Mitrofanov wrote:
> Here's what I personally recommend:
> # DNS servers
> no-resolv
> no-poll
> no-hosts
> server=8.8.4.4
> server=8.26.56.26
> server=74.82.42.42
> server=64.6.64.6
> server=8.8.8.8
> server=8.20.247.20
> server=64.6.65.6

IMO there's absolutely no advantage of using external DNS servers.
The AS of the Tor exit Relay will already see the in and outgoing traffic.
So this will just spread out information to third parties too w/o any additional security.

There're a lot of papers around that topic, e.g. in [1]



[1] https://nymity.ch/tor-dns/


- -- 
Toralf
PGP C4EACDDE 0076E94E
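
To see which upstream resolvers a dnsmasq configuration like the one quoted above hands queries to, the `server=` lines can be listed and sorted by address range. This is an added example and not part of either poster's message; the function names and the last two sample lines are assumptions. It classifies by address range only and cannot tell whether a public address sits inside the relay's own AS.

```python
import ipaddress
import re

# Constructed sample: the upstream list quoted above, plus two lines
# (loopback resolver, local-only domain) added as assumptions.
SAMPLE_CONF = """\
no-resolv
no-poll
no-hosts
server=8.8.4.4
server=8.26.56.26
server=74.82.42.42
server=64.6.64.6
server=8.8.8.8
server=8.20.247.20
server=64.6.65.6
server=127.0.0.1#5353
server=/onion/
"""

def upstreams(conf_text):
    """Yield (domain_scope, ip, port) for every server= line with an address."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        # '#' starts a comment only after whitespace; 'ip#port' is a port.
        line = re.split(r"\s+#", line)[0]
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "server":
            continue
        value, scope = value.strip(), ""
        if value.startswith("/"):            # server=/domain/[domain/]ip
            scope, _, value = value[1:].rpartition("/")
        host, _, port = value.split("@", 1)[0].partition("#")
        if host:                             # empty host: no upstream at all
            yield scope, host, int(port or 53)

def public_upstreams(conf_text):
    """Return upstreams whose address is not loopback, private or link-local."""
    flagged = []
    for scope, host, port in upstreams(conf_text):
        addr = ipaddress.ip_address(host)
        if not (addr.is_loopback or addr.is_private or addr.is_link_local):
            flagged.append((host, port, scope or "*"))
    return flagged

if __name__ == "__main__":
    for host, port, scope in public_upstreams(SAMPLE_CONF):
        print(f"queries for {scope} go to {host}:{port}")
```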

