[tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

nusenu nusenu-lists at riseup.net
Sat May 12 08:54:00 UTC 2018

>> All our nodes are using a local DNS caching server and only use google
>> as a fallback.
> I was also using google just as a fallback; I've now changed my node to
> just use a local resolver, with no fallback.
> Neither the email from nusenu nor the documentation pointed to actually
> says which of these options is preferable. If you (nusenu) are looking
> to reduce the exits using these resolvers, I'd suggest explicitly also
> saying to not use them even as a fallback after a local resolver
> (assuming that's what you want). Maybe you had intended this to come
> across with the existing text, but I don't think it's obvious enough.

Yes, I was not clear on that, thanks for your feedback I amended the text
in the Tor Relay Guide aiming to clarify this.

here is the diff (which includes also other changes)

the most relevant change with regards to your comment is:

was: "Don't use any of the big DNS resolvers to avoid centralization"

is:  "Don't use any of the big DNS resolvers as your primary or fallback DNS resolver to avoid centralization"

"if you want to add a second DNS resolver as a fallback to your /etc/resolv.conf configuration, try to choose a resolver within your autonomous system and make sure it is not your first entry in that file (the first entry should be your local resolver)"

twitter: @nusenu_

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180512/c312dcdb/attachment.sig>

More information about the tor-relays mailing list