[tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
Nathaniel Suchy (Lunorian)
me at lunorian.is
Fri May 11 13:22:29 UTC 2018
You have a very good point - we could all run our own resolver(s) with a
fallback. This idea sounds much better than just reassigning trust.
On 5/11/18 8:52 AM, Ralph Seichter wrote:
> On 11.05.18 13:55, Nathaniel Suchy (Lunorian) wrote:
>> My first thought is to use ISP DNS if it’s available - one of the best
>> things about Tor is the split of trust so why aren’t we doing that
>> with DNS? Another alternative is to use trusted recursive DNSCrypt
>> Resolvers (for example dnscrypt.ca - there are plenty of resolvers
>> like this so use a search engine of your choice to find them).
> Assuming you can install whatever software you like, I recommend running
> your own instance of Unbound on your exit node machines. Current Unbound
> versions support DNSSEC validation, QNAME minimisation, etc. While using
> your ISP's resolvers works as a fallback, a local resolver is better and
> easy enough to set up.
> tor-relays mailing list
> tor-relays at lists.torproject.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the tor-relays