[tor-relays] let's stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

nusenu nusenu-lists at riseup.net
Sat May 12 08:54:00 UTC 2018


>> All our nodes are using a local DNS caching server and only use google
>> as a fallback.
> 
> I was also using google just as a fallback; I've now changed my node to
> just use a local resolver, with no fallback.
> 
> Neither the email from nusenu nor the documentation pointed to actually
> says which of these options is preferable. If you (nusenu) are looking
> to reduce the exits using these resolvers, I'd suggest explicitly also
> saying to not use them even as a fallback after a local resolver
> (assuming that's what you want). Maybe you had intended this to come
> across with the existing text, but I don't think it's obvious enough.

Yes, I was not clear on that; thanks for your feedback. I amended the text
in the Tor Relay Guide, aiming to clarify this.

Here is the diff (which also includes other changes):
https://trac.torproject.org/projects/tor/wiki/TorRelayGuide?action=diff&version=210


The most relevant change with regard to your comment is:

was: "Don't use any of the big DNS resolvers to avoid centralization"

is:  "Don't use any of the big DNS resolvers as your primary or fallback DNS resolver to avoid centralization"

"if you want to add a second DNS resolver as a fallback to your /etc/resolv.conf configuration, try to choose a resolver within your autonomous system and make sure it is not your first entry in that file (the first entry should be your local resolver)"

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_
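
A check for the rule quoted above, as an added example that is not part of nusenu's message or the Tor Relay Guide: it reads resolv.conf-style text, verifies that the first nameserver is local, and flags the resolvers named in the subject line whether they appear as primary or fallback. It assumes "local resolver" means a loopback address; the address list holds the providers' well-known public addresses and is not exhaustive, and `parse_nameservers`, `audit` and the sample file are names and data constructed for illustration.

```python
import ipaddress

# Well-known public addresses of the resolvers named in the subject line.
# Not exhaustive (assumption: extend with anything else you want flagged).
BIG_RESOLVERS = {
    "Google": ["8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844"],
    "Level3": ["4.2.2.1", "4.2.2.2", "4.2.2.3", "4.2.2.4", "4.2.2.5", "4.2.2.6"],
    "OpenDNS": ["208.67.222.222", "208.67.220.220"],
    "Quad9": ["9.9.9.9", "149.112.112.112", "2620:fe::fe"],
    "Cloudflare": ["1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"],
}
_LOOKUP = {ipaddress.ip_address(a): n for n, addrs in BIG_RESOLVERS.items() for a in addrs}

def parse_nameservers(text):
    """Return nameserver addresses in file order, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # not a parseable address; skip it
    return servers

def audit(text):
    """Return findings; an empty list means the file follows the quoted rule."""
    servers = parse_nameservers(text)
    if not servers:
        return ["no nameserver entries found"]
    findings = []
    # Assumption: "local resolver" is taken to mean a loopback address.
    if not servers[0].is_loopback:
        findings.append(f"first entry {servers[0]} is not a local (loopback) resolver")
    for pos, addr in enumerate(servers, start=1):
        if addr in _LOOKUP:
            role = "primary" if pos == 1 else "fallback"
            findings.append(f"entry {pos} ({addr}) is {_LOOKUP[addr]}, used as {role}")
    return findings

# Constructed sample: local resolver first, but a big resolver as fallback.
SAMPLE = """\
nameserver 127.0.0.1
nameserver 8.8.8.8
options edns0
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(audit(text)) or "ok")
```

A loopback first entry only shows that queries go to a daemon on the same host; if that daemon is a forwarder rather than a recursive resolver, its upstream servers need the same check.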
