[tor-relays] Let's increase the amount of exit relays doing DNSSEC validation
Ralph Seichter
m16+tor at monksofcool.net
Tue Apr 10 19:51:56 UTC 2018

On 09.04.18 13:10, nusenu wrote:

> I recommend a local caching unbound (https://unbound.net/) DNS
> resolver without using an upstream DNS forwarder.

No forwarders indeed. Additionally, I recommend the following settings
in the unbound.conf of Tor exits:

# Disable logging.
log-queries: no
log-replies: no

# Send minimum amount of information to upstream servers to enhance
# privacy. Only send minimum required labels of the QNAME and set
# QTYPE to NS when possible.
qname-minimisation: yes

# If yes, Unbound doesn't insert authority/additional sections
# into response messages when those sections are not required.
minimal-responses: yes

Logging might be disabled as a default depending on how your Unbound was
built, but I like to make certain.

-Ralph
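
Added example, not part of the original message: a small Python check that reads an unbound.conf and reports where it departs from the settings recommended above, including options left unset (and so dependent on the build default) and any forward-zone forwarders. The sample configuration is constructed, and the parser assumes one directive per line and does not follow include: files.

```python
import re

# Settings recommended in the message above, with the value each should have.
RECOMMENDED = {
    "log-queries": "no",
    "log-replies": "no",
    "qname-minimisation": "yes",
    "minimal-responses": "yes",
}
DIRECTIVE = re.compile(r"^([\w-]+):\s*(.*)$")

# Constructed sample: one option missing, one wrong, one forwarder present.
SAMPLE = """\
server:
    log-queries: no
    qname-minimisation: "yes"
    minimal-responses: no   # constructed deviation
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
"""

def parse_unbound_conf(text):
    """Return (server_options, forwarders) parsed from unbound.conf text."""
    clause, server, forwarders = None, {}, []
    for raw in text.splitlines():
        m = DIRECTIVE.match(raw.split("#", 1)[0].strip())  # drop comments
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if not value:
            clause = key                      # clause header, e.g. "server:"
        elif clause == "server":
            server[key] = value.strip('"')    # later lines overwrite earlier
        elif clause == "forward-zone" and key in ("forward-addr", "forward-host"):
            forwarders.append(value.strip('"'))
    return server, forwarders

def audit(text):
    """Return a list of findings; an empty list means nothing to report."""
    server, forwarders = parse_unbound_conf(text)
    findings = []
    for key, want in RECOMMENDED.items():
        got = server.get(key)
        if got is None:
            findings.append(f"{key}: not set, relies on the build default")
        elif got != want:
            findings.append(f"{key}: is {got!r}, recommended {want!r}")
    return findings + [f"forwarder configured: {f}" for f in forwarders]
```

Calling audit() on the text of a relay's own unbound.conf gives one line per deviation, so an empty result means all four options are set explicitly and no forwarder is defined.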