[tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

Paul pa011 at web.de
Sun May 13 13:34:06 UTC 2018

Am 11.05.2018 um 00:16 schrieb nusenu:
> Dear Exit Relay Operators,
> I'd like to invite you to check your exit's DNS resolver by 
> having a look at the following list of exits using resolvers
> outside their AS (especially if it is Google, OpenDNS, Quad9 or Cloudflare).
> You can search the list for you contactinfo, relay nickname or relay fingerprint (first 8 characters):
> https://gist.github.com/nusenu/cb766ff7945fafd9f90ee7f211a2508f#file-tor-dns-april-2018-txt
> I extended the "DNS on Exit Relays" section in the Tor Relay Guide
> to include specific instructions what is recommended for Tor exit operators with 
> regards to DNS on exit relays.
> https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#DNSonExitRelays
> If you found yourself on the list above and changed your DNS to a local (same host or same AS)
> resolver or found a false-positive, please drop me an email (off-list is also ok).
> The goal is to be bellow the following thresholds within one year:
> - not have any single remoteAS entity control more than 10% exit capacity
> - reduce the overall remoteAS share to bellow 20% exit capacity
> the longer version of this can be found at:
> https://medium.com/@nusenu/who-controls-tors-dns-traffic-a74a7632e8ca
> thanks for helping with DNS decentralization on the tor network,
> nusenu

Thank you for giving another helpful push on that nusenu !!

I changed my Linux exits. 
Unfortunately the /etc/resolv.conf gets overwritten on reboot. On Linux I solved that with editing /etc/resolvconf/resolv.conf.d/base. In that file, i put in the info as i would in resolv.conf.


Then i told resolvconf to regenerate resolv.conf

sudo resolvconf -u

How do i protect against overwriting best in FreeBSD (maybe there could be a hint on https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#DNSonExitRelays ) as well?

Where can I find an Update of https://gist.github.com/nusenu/cb766ff7945fafd9f90ee7f211a2508f#file-tor-dns-april-2018-txt ?

How can one find out which DNS resolver an exit uses?


More information about the tor-relays mailing list