[tor-relays] exit operators: overall DNS failure rate above 5% - please check your DNS
nusenu
nusenu-lists at riseup.net
Sat Oct 20 13:48:00 UTC 2018
> The Tor relays guide in trac makes that recommendation.
https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#DNSonExitRelays
the guide has unbound examples but I tried to make clear that it is not
the only option:
> There are multiple options for DNS server software, unbound has
> become a popular one but feel free to use any other you are
> comfortable with. When choosing your DNS resolver software try to
> ensure it supports DNSSEC validation and QNAME minimisation (
> RFC7816)
other popular DNS software like BIND didn't have RFC7816 support
for long and I don't know if BIND supports RFC7706 (root zone on loopback)
which is also nice to have but not as important as RFC7816.
in anyway prio 1 should be reliability, if it fails 100% of
queries, it does not matter what kind of software is used or
what kind of protocol features are supported and enabled.
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20181020/5c338138/attachment.sig>
More information about the tor-relays
mailing list