[tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

Roman Mamedov rm at romanrm.net
Tue Sep 12 21:43:50 UTC 2017


On Tue, 12 Sep 2017 23:28:35 +0200
Ralph Seichter <m16+tor at monksofcool.net> wrote:

> On 12.09.17 23:06, Roman Mamedov wrote:
> 
> > Too bad DNS servers are not something a regular person can own, so we
> > have to be at mercy of those shady all-knowing uber-powerful Owners
> > of the DNS Servers.
> 
> I take it you're being ironic?

Guess I failed at doing that well, if you had to clarify. (Or maybe you didn't
read my entire message.)

> One might say that the more people run their own nameservers, the harder
> it gets for attackers to gather data or interfere with the DNS system.

Running your own authoritative nameservers is laudable as well, but the
current discussion is about recursive resolvers. You know, the likes of
8.8.8.8 and the ones your ISP runs for their clients "to reduce traffic".

Point is that it is entirely possible, and really easy, to just have your own
instance of that. It will not use any fixed "upstream server" other than the
root nameservers (and those, only to ask generic depersonalized stuff such as
"who handles the .com zone").

Note that 'dnsmasq' won't do; that's just a caching proxy to a fixed set of
a few upstream DNS resolvers. You need 'unbound', which IS a full independent
DNS resolver itself.

(Unbound is caching as well, though).

-- 
With respect,
Roman
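The setup described in the post, as an added example that is not part of the original message and not taken from the Unbound or Tor projects: an unbound.conf that recurses from the root hints itself, with no forward-zone, bound to loopback so that only the Tor daemon on the same host can query it. The file paths (/etc/unbound/unbound.conf, /usr/share/dns/root.hints, /var/lib/unbound/root.key) and the cache sizes are assumptions in a Debian-style layout; adjust them for your distribution.

```conf
# /etc/unbound/unbound.conf  (assumed path; Debian-style layout)
server:
    # Listen only on loopback: the Tor daemon on this host is the sole client.
    interface: 127.0.0.1
    interface: ::1
    port: 53
    access-control: 127.0.0.0/8 allow
    access-control: ::1/128 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # Full recursion: start from the root servers, no upstream resolver.
    # Path is an assumption; the file is the IANA root hints (named.cache).
    # If the line is omitted, unbound falls back to its built-in root hints.
    root-hints: "/usr/share/dns/root.hints"

    # DNSSEC validation with the root trust anchor, kept current via RFC 5011.
    # Create the file once with: unbound-anchor -a /var/lib/unbound/root.key
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # QNAME minimisation (RFC 7816): each authoritative server is asked only
    # for the labels it needs, so the root sees "com." rather than the full
    # name. This is the "generic depersonalized stuff" from the post.
    qname-minimisation: yes

    # Do not answer id.server / version.bind CHAOS probes.
    hide-identity: yes
    hide-version: yes

    # Caching: refresh popular records before they expire and keep answers at
    # least five minutes. cache-min-ttl overrides short publisher TTLs, which
    # is a deliberate trade-off for an exit that resolves a very large number
    # of names; set it to 0 to honour TTLs exactly.
    prefetch: yes
    cache-min-ttl: 300
    msg-cache-size: 64m
    rrset-cache-size: 128m
    num-threads: 2

    # Reject out-of-bailiwick glue and answers with DNSSEC data stripped.
    harden-glue: yes
    harden-dnssec-stripped: yes

# Deliberately absent: a forward-zone. A block like the commented one below
# would turn unbound back into a forwarder to one fixed upstream, which is
# the dnsmasq-style arrangement the post argues against.
#
# forward-zone:
#     name: "."
#     forward-addr: 8.8.8.8
```

After `unbound-checkconf` reports no errors and the service is restarted, point the host at it with a single `nameserver 127.0.0.1` line in /etc/resolv.conf; Tor's exit-side resolution reads that file (the path is configurable with Tor's ServerDNSResolvConfFile option, which defaults to /etc/resolv.conf). A quick check that recursion and validation are really happening locally is `dig +dnssec example.com @127.0.0.1`, which should return an answer carrying the `ad` flag for a signed zone, and `unbound-control stats` (if remote-control is enabled) should show cache hits rising without any forward queries.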
