[tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

Alexander Dietrich alexander at dietrich.cx
Fri May 11 13:10:11 UTC 2018


On 2018-05-11 14:52, Ralph Seichter wrote:

> Assuming you can install whatever software you like, I recommend running
> your own instance of Unbound on your exit node machines. Current Unbound
> versions support DNSSEC validation, QNAME minimisation, etc. While using
> your ISP's resolvers works as a fallback, a local resolver is better and
> easy enough to set up.

We are currently using Unbound plus 2 ISP name servers in 
/etc/resolv.conf. I still occasionally see the dreaded "all nameservers 
have failed" message, even though the latest Tor release has fixes for 
DNS performance (IIRC).

Kind regards,
Alexander
-- 
PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
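
A check for the resolver setup discussed in this thread, added here as an example and not part of the original message: it reads the text of an /etc/resolv.conf and reports which nameserver entries are local, which belong to the operators named in the subject line, and which are never used. The function name `audit_resolv_conf` and the sample file are constructed; the code assumes a local resolver such as Unbound listens on a loopback address and that the libc resolver honours only the first three `nameserver` lines (the glibc limit).

```python
import ipaddress

# Well-known public addresses of the operators named in the thread subject.
CENTRAL = {
    "Google": ["8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844"],
    "Level3": ["4.2.2.1", "4.2.2.2"],
    "OpenDNS": ["208.67.222.222", "208.67.220.220"],
    "Quad9": ["9.9.9.9", "149.112.112.112", "2620:fe::fe"],
    "Cloudflare": ["1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"],
}
BY_ADDR = {ipaddress.ip_address(a): op for op, addrs in CENTRAL.items() for a in addrs}
MAXNS = 3  # assumption: glibc resolver, which uses only the first three entries

def audit_resolv_conf(text):
    """Return a list of findings for the nameserver lines in resolv.conf text."""
    findings, servers = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        fields = line.split()
        if fields[0] != "nameserver" or len(fields) < 2:
            continue
        try:
            # Drop an IPv6 zone suffix such as %eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
        except ValueError:
            findings.append(f"{fields[1]}: unparseable nameserver address")
    for pos, addr in enumerate(servers, 1):
        if pos > MAXNS:
            findings.append(f"{addr}: ignored, beyond the first {MAXNS} entries")
        elif addr in BY_ADDR:
            findings.append(f"{addr}: central public resolver ({BY_ADDR[addr]})")
        elif not addr.is_loopback:
            role = "fallback" if servers[0].is_loopback else "primary"
            findings.append(f"{addr}: remote resolver used as {role}")
    if not servers or not servers[0].is_loopback:
        findings.append("first nameserver is not a local resolver")
    return findings

# Constructed sample: local resolver first, then documentation-range addresses.
SAMPLE = """# constructed sample, not a real configuration
nameserver 127.0.0.1
nameserver 192.0.2.53
nameserver 8.8.8.8
nameserver 198.51.100.53
"""

if __name__ == "__main__":
    print("\n".join(audit_resolv_conf(SAMPLE)))
```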

