[tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

Ralph Seichter m16+tor at monksofcool.net
Tue Sep 12 22:00:13 UTC 2017


On 12.09.17 23:43, Roman Mamedov wrote:

> > I take it you're being ironic?
>
> Guess I failed at doing that well, if you had to clarify. (Or maybe
> you didn't read my entire message.)

I did read it. Just the pitfalls of non-verbal communication, and I'm
also not a native English speaker. ;-)

> Running your own authoritative nameservers is laudable as well, but the
> current discussion is about recursive resolvers. You know, the likes of
> 8.8.8.8 and the ones your ISP runs for their clients "to reduce traffic".

If you read *my* messages in this thread, you'll find that I am fully
aware of this. I even mentioned Google's infamous resolver by IP. :-)
I came across one ISP so far which does not provide resolvers for their
customers but points resolv.conf to Google's servers. Not good.

> Note that 'dnsmasq' won't do, that's just a caching proxy to a fixed
> set of a few upstream DNS resolvers; you need 'unbound' which IS a full
> independent DNS resolver itself.

Yeah, I use Unbound and BIND myself, with the former of course being
much more frugal in terms of resource requirements. Easy to set up, too.

-Ralph

