[tor-relays] exit operators: overall DNS failure rate above 5% - please check your DNS resolver

Roger Dingledine arma at torproject.org
Mon Jul 1 05:32:58 UTC 2019


On Mon, Jul 01, 2019 at 10:06:08AM +0500, Roman Mamedov wrote:
> On Mon, 01 Jul 2019 01:32:59 +0000
> "Matt Westfall" <mwestfall at ecansol.com> wrote:
> 
> > Just set your exit relay DNS to 8.8.8.8 and 1.1.1.1. I mean, DNS traffic
> > isn't bulk traffic, let Google and CloudFlare do the "work"
> 
> It is considered to be a bad idea privacy-wise:
> https://medium.com/@nusenu/who-controls-tors-dns-traffic-a74a7632e8ca
> https://lists.torproject.org/pipermail/tor-relays/2016-May/009255.html
> https://lists.torproject.org/pipermail/tor-relays/2015-January/006146.html

Right, this is not recommended as best practice, because we don't want
these centralized services to be able to see too large a fraction of
exit destinations and timing.

https://freedom-to-tinker.com/2016/09/29/the-effect-of-dns-on-tors-anonymity/

It would be neat for somebody (maybe somebody here?) to be tracking the
fraction of exit weights, over time, that are using these centralized
DNS servers. So we can see whether it's a growing issue or a shrinking
issue, to start, and whether we need to reach out to big relay operators
or not.

Thanks,
--Roger
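
An added example, not part of the original message or of any Tor Project tooling: one way to compute the tracking metric proposed above, assuming per-relay resolver observations have already been collected by some separate measurement. The relay names, weights, operator labels and the even split of a relay's weight across its resolvers are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample observations (not real measurements). Each row is
# (date, relay, exit probability %, resolver operators observed); empty set = measurement failed.
OBSERVATIONS = [
    ("2019-05-01", "exitA", 4.0, {"google"}),
    ("2019-05-01", "exitB", 2.0, {"self-hosted"}),
    ("2019-05-01", "exitC", 1.0, {"cloudflare", "self-hosted"}),
    ("2019-05-01", "exitD", 3.0, set()),
    ("2019-06-01", "exitA", 4.0, {"google", "cloudflare"}),
    ("2019-06-01", "exitB", 2.0, {"google"}),
    ("2019-06-01", "exitC", 1.0, {"self-hosted"}),
    ("2019-06-01", "exitD", 3.0, {"self-hosted"}),
]

CENTRALIZED = {"google", "cloudflare"}  # assumption: labels treated as centralized operators

def centralized_fraction(observations, centralized=CENTRALIZED):
    """Return {date: (fraction, coverage)}.
    fraction: share of *measured* exit weight resolving via centralized operators,
              with a multi-resolver relay's weight split evenly among its resolvers.
    coverage: share of total exit weight for which any resolver was observed."""
    central = defaultdict(float)
    measured = defaultdict(float)
    total = defaultdict(float)
    for date, _relay, weight, resolvers in observations:
        total[date] += weight
        if not resolvers:  # unmeasured relays lower coverage, not the fraction
            continue
        measured[date] += weight
        central[date] += weight * len(resolvers & centralized) / len(resolvers)
    result = {}
    for date in sorted(total):
        frac = central[date] / measured[date] if measured[date] else None
        coverage = measured[date] / total[date] if total[date] else 0.0
        result[date] = (frac, coverage)
    return result

def trend(series):
    """Change in centralized fraction between the first and last dates that have data."""
    points = [frac for frac, _ in series.values() if frac is not None]
    return points[-1] - points[0] if len(points) >= 2 else None

if __name__ == "__main__":
    for date, (frac, cov) in centralized_fraction(OBSERVATIONS).items():
        print(date, f"centralized={frac:.1%}", f"coverage={cov:.0%}")
```

Reporting coverage next to the fraction keeps a day with many failed measurements from being read as a real shift in resolver choice.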
