[tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

Matthew Finkel matthew.finkel at gmail.com
Sat May 12 04:50:29 UTC 2018


On Fri, May 11, 2018 at 10:54:06PM -0500, Andrew Deason wrote:
> On Thu, 10 May 2018 22:37:00 +0000
> Tyler Durden <virii at enn.lu> wrote:
> 
> > All our nodes are using a local DNS caching server and only use google
> > as a fallback.
> 
> I was also using google just as a fallback; I've now changed my node to
> just use a local resolver, with no fallback.

Thank you!

> 
> Neither the email from nusenu nor the documentation pointed to actually
> says which of these options is preferable. If you (nusenu) are looking
> to reduce the exits using these resolvers, I'd suggest explicitly also
> saying to not use them even as a fallback after a local resolver
> (assuming that's what you want). Maybe you had intended this to come
> across with the existing text, but I don't think it's obvious enough.

But isn't that what the subject line says? And the original email
contains:

> The goal is to be below the following thresholds within one year:
>   not have any single remoteAS entity control more than 10% exit capacity
>   reduce the overall remoteAS share to below 20% exit capacity

Maybe it would help to clarify that almost any use of the above
mentioned Open DNS resolvers qualifies as using a remoteAS (therefore
contributing to its control of exit capacity) - even if that resolver is
configured as a fallback.

Thanks again for adjusting your configuration.
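
[Added example, not part of the original email or of any Tor Project tooling.] The point made above, that a central resolver counts even when it is only a fallback, can be checked by auditing every nameserver line in resolv.conf rather than just the first one. The resolver address table, the function names and the verdict strings are assumptions of this sketch, and the sample file is constructed.

```python
import ipaddress

# Well-known IPv4 addresses of the resolvers named in the subject line
# (an assumption of this example; the thread itself lists no addresses).
CENTRAL_RESOLVERS = {
    "8.8.8.8": "Google", "8.8.4.4": "Google",
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
    "9.9.9.9": "Quad9", "149.112.112.112": "Quad9",
    "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS",
    "4.2.2.1": "Level3", "4.2.2.2": "Level3",
}

def audit(resolv_conf_text):
    """Return (position, address, role, verdict) for each nameserver line."""
    findings = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        fields = line.split()
        if fields[0] != "nameserver" or len(fields) < 2:
            continue  # options, search, etc.
        position = len(findings) + 1
        # Entry 1 is the primary; later entries are only tried on failure.
        role = "primary" if position == 1 else "fallback"
        try:
            ip = ipaddress.ip_address(fields[1].split("%", 1)[0])
        except ValueError:
            findings.append((position, fields[1], role, "unparseable"))
            continue
        if ip.is_loopback:
            verdict = "local"
        elif str(ip) in CENTRAL_RESOLVERS:
            verdict = "central:" + CENTRAL_RESOLVERS[str(ip)]
        else:
            verdict = "other-remote"  # needs a manual AS comparison
        findings.append((position, str(ip), role, verdict))
    return findings

def flagged(resolv_conf_text):
    """Entries that are not a local resolver, fallbacks included."""
    return [f for f in audit(resolv_conf_text) if f[3] != "local"]

# Constructed sample: local caching resolver with a public fallback.
SAMPLE = "# constructed\nnameserver 127.0.0.1\nnameserver 8.8.8.8\noptions edns0\n"

if __name__ == "__main__":
    for entry in flagged(SAMPLE):
        print(entry)
```

An "other-remote" verdict only says the resolver is not on loopback; whether it sits in a different AS than the exit still has to be checked by hand.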

