[tor-talk] Which Dns?
Philipp Winter
phw at nymity.ch
Mon Jul 18 15:49:22 UTC 2016
On Mon, Jul 18, 2016 at 08:39:02AM +0200, Flipchan wrote:
> Hi all! I'm configuring a new Debian server.
> Can anyone recommend a good DNS server?

I assume this is for a Tor relay?

> I don't want to use my ISP's default one, I found one that sounded good
> when I read about it, uncensoreddns.org. If anyone knows of a better
> one let me know :)

If you plan to run an exit relay, you should avoid third party
resolvers. Google currently gets to see ~35% of all DNS requests coming
out of the Tor network. We shouldn't hand any organisation such data on
a silver plate.

If you don't want to use your ISP's resolver, I recommend setting up
your own, local DNS resolver such as unbound. Recent versions of
unbound implement qname minimisation, which is a great feature for exit
relays as it minimises the exposure to some network-level adversaries.

Quoting Peter's quick guide [1] on setting up unbound:

On Thu, Jan 08, 2015 at 04:11:09PM +0100, Peter Palfrader wrote:
>  o apt-get install unbound
>  o remove all nameserver entries in /etc/resolv.conf and add one for the
>    local recursor. Either manually or use (untested):
>    sed -i -e 's/^nameserver /#&/; $a nameserver 127.0.0.1' /etc/resolv.conf
>  o prevent anything else from modifying that file ever again:
>    chattr +i /etc/resolv.conf

[1] <https://lists.torproject.org/pipermail/tor-relays/2015-January/006147.html>
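
A check for the result of the quoted steps, as an added example that is not part of the original message or of Peter's guide: it confirms that a resolv.conf-style file sends lookups only to the local recursor and that the immutable flag is set. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a resolv.conf-style file after the steps quoted above.

# Print the address of every active (uncommented) nameserver line.
active_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed only if there is at least one nameserver and all are loopback,
# i.e. every lookup goes to the local recursor (unbound on 127.0.0.1).
only_local_resolver() {
    servers=$(active_nameservers "$1")
    [ -n "$servers" ] || return 1    # no nameserver line: treat as not configured
    for s in $servers; do
        case "$s" in
            127.*|::1) ;;            # loopback address, fine
            *) return 1 ;;           # ISP or third-party resolver still active
        esac
    done
    return 0
}

# Succeed if the file carries the immutable flag set by "chattr +i".
is_immutable() {
    flags=$(lsattr -d "$1" 2>/dev/null | awk '{ print $1 }')
    case "$flags" in *i*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample files (not real configurations): one as it might look
# before the steps, one as it should look after them.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
BEFORE="$tmp/before.conf"
AFTER="$tmp/after.conf"
printf 'nameserver 8.8.8.8\nnameserver 192.0.2.53\n' > "$BEFORE"
printf '#nameserver 8.8.8.8\n#nameserver 192.0.2.53\nnameserver 127.0.0.1\n' > "$AFTER"

for f in "$BEFORE" "$AFTER"; do
    if only_local_resolver "$f"; then
        echo "$f: OK, local recursor only"
    else
        echo "$f: FAIL, non-local: $(active_nameservers "$f" | tr '\n' ' ')"
    fi
done
```

On a relay, run only_local_resolver and is_immutable against /etc/resolv.conf itself; a DHCP client or resolvconf rewriting the file shows up as a failure of the first check.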