[tor-relays] Tor Relay Web Ports

William Kane ttallink at googlemail.com
Wed May 20 21:07:49 UTC 2020


Port 53 over TCP (DNS) seems useless; it won't be used at all or only
very rarely. Your exit already resolves domain names for your
clients; this is why it's recommended to have a local recursive
resolver installed instead of passing on DNS requests to remote
services such as Google or Cloudflare DNS, due to the possibility of
correlation and anonymity-compromising attacks:

https://medium.com/@nusenu/who-controls-tors-dns-traffic-a74a7632e8ca
https://medium.com/@nusenu/what-fraction-of-tors-dns-traffic-goes-to-google-and-cloudflare-492229ccfd42

If you open up 80 and 443, expect to receive a lot of abuse mails
related to brute-forcing or exploit attempts, and having to deal with
the occasional douche-bag downloading child porn from a clear-net
hoster and confused law enforcement agencies.

If that doesn't bother you or your hoster (in the case of OVH, it
will, I can guarantee you that), then go ahead.

OVH is a bad provider though, over-congested network due to all the
seed boxes, bad peering, many Tor nodes already hosted there, etc.

All that means please don't host another node there, instead go for a
small provider, ideally also in a country which does not host a lot of
Tor nodes already, see if they host only a handful of Tor nodes,
ideally colocate, get your own IP range and ask them to modify the
abuse address for the range to an address you control.

After that is all done, you can safely ignore most abuse reports
unless they actually have a case against you, which, in most countries,
is not possible due to network providers being protected from
liability by the law.

Hope this helps.


2020-05-20 7:24 GMT, mnlph74 <mnlph74 at protonmail.com>:
> Hi, I'm running a non-exit relay for quite some time now and I would like to
> open ports 53, 80, 443 (web ports) to be more useful.
> How do you handle fraudulent complaints? What is the best approach to this
> situation? Thank you for your help.
>
> Sent with ProtonMail Secure Email.
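
Added example, not part of the original thread: a small Python check an exit operator could run over the host's resolv.conf to confirm that lookups go to a local resolver rather than to Google or Cloudflare DNS, as the reply recommends. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Publicly documented anycast addresses of the two services named in the thread.
_KNOWN = {
    "8.8.8.8": "Google", "8.8.4.4": "Google",
    "2001:4860:4860::8888": "Google", "2001:4860:4860::8844": "Google",
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
    "2606:4700:4700::1111": "Cloudflare", "2606:4700:4700::1001": "Cloudflare",
}
PUBLIC = {ipaddress.ip_address(a): name for a, name in _KNOWN.items()}

# Constructed sample input, not taken from a real relay.
SAMPLE = """\
# constructed sample resolv.conf
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 2606:4700:4700::1111
options edns0
"""

def audit_resolv_conf(text):
    """Return [(address, verdict)] for every nameserver line in text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # comment or blank line
            continue
        fields = line.split()
        if fields[0] != "nameserver" or len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[1].split("%", 1)[0])  # drop zone id
        except ValueError:
            findings.append((fields[1], "invalid"))
            continue
        if addr.is_loopback:
            verdict = "local"
        elif addr in PUBLIC:
            verdict = "remote:" + PUBLIC[addr]
        else:
            verdict = "remote:other"
        findings.append((str(addr), verdict))
    return findings

def only_local(text):
    """True only if at least one nameserver is set and all are loopback."""
    findings = audit_resolv_conf(text)
    return bool(findings) and all(v == "local" for _, v in findings)
```

A loopback address only shows that a resolver is listening locally; a local stub or forwarder (for example systemd-resolved on 127.0.0.53) may still pass queries to a remote upstream, so check its configuration as well.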

