[tor-relays] ORSN DNS servers vs OpenNic
teor
teor2345 at gmail.com
Mon Aug 7 06:23:06 UTC 2017
> On 6 Aug 2017, at 02:57, Petrusko <petrusko at riseup.net> wrote:
>
> On my LAN I'm using Unbound, forwarding all requests to "root servers".
>
> I've read it's not really cool for a high traffic server, to preserve
> those root servers...?
> But for home, I think it's perfect.
>
> For an exit, why not using too a dns cache as Igor said, may be less
> agressive for the root servers ? :
>
> On your node, run dnsmasq with a large (10000) cache as a fast and
> secure alternative to running a full DNS server. That can prevent some
> DNS-based timing attacks.
>
> Is it a good idea to use those roots servers ?
> I'm not 100% sure about requests because of MITM attack, but better than
> GoogleDNS ?
Using a caching, recursive resolver should be fine.
(Then the root servers only answer queries for top-level domains.)
T
--
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170807/48889c7a/attachment.sig>
More information about the tor-relays
mailing list