[tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

Nathaniel Suchy (Lunorian) me at lunorian.is
Fri May 11 13:22:29 UTC 2018


You have a very good point - we could all run our own resolver(s) with a
fallback. This idea sounds much better than just reassigning trust.

On 5/11/18 8:52 AM, Ralph Seichter wrote:
> On 11.05.18 13:55, Nathaniel Suchy (Lunorian) wrote:
> 
>> My first thought is to use ISP DNS if it’s available - one of the best
>> things about Tor is the split of trust so why aren’t we doing that
>> with DNS? Another alternative is to use trusted recursive DNSCrypt
>> Resolvers (for example dnscrypt.ca - there are plenty of resolvers
>> like this so use a search engine of your choice to find them).
> 
> Assuming you can install whatever software you like, I recommend running
> your own instance of Unbound on your exit node machines. Current Unbound
> versions support DNSSEC validation, QNAME minimisation, etc. While using
> your ISP's resolvers works as a fallback, a local resolver is better and
> easy enough to set up.
> 
> -Ralph
> 
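A check a relay operator could run against the setup discussed above, as an added example that is not part of the original thread: it classifies each `nameserver` entry of a resolv.conf-style file as a local resolver, one of the central resolvers named in the subject line, or something else (such as an ISP resolver). The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The addresses are the publicly documented service addresses
# of the five providers named in the thread subject; extend as needed.
classify_ns() {
    case "$1" in
        127.*|::1) echo local ;;
        8.8.8.8|8.8.4.4|2001:4860:4860::8888|2001:4860:4860::8844) echo central:Google ;;
        4.2.2.[1-6]) echo central:Level3 ;;
        208.67.222.222|208.67.220.220) echo central:OpenDNS ;;
        9.9.9.9|149.112.112.112|2620:fe::fe) echo central:Quad9 ;;
        1.1.1.1|1.0.0.1|2606:4700:4700::1111|2606:4700:4700::1001) echo central:Cloudflare ;;
        *) echo other ;;
    esac
}

# audit_resolv FILE: print "address class" for every nameserver line.
# Returns 1 if the first nameserver is not local, if any central resolver
# is listed, or if no nameserver is found at all; returns 0 otherwise.
audit_resolv() {
    rc=0 seen=0
    # "|| [ -n "$key" ]" keeps a final line that lacks a trailing newline.
    while read -r key addr rest || [ -n "$key" ]; do
        [ "$key" = nameserver ] || continue   # skips comments, search, options
        class=$(classify_ns "$addr")
        echo "$addr $class"
        [ "$seen" -eq 0 ] && [ "$class" != local ] && rc=1
        case "$class" in central:*) rc=1 ;; esac
        seen=1
    done < "$1"
    [ "$seen" -eq 1 ] || rc=1
    return "$rc"
}

# Constructed sample: local resolver first, ISP resolver as fallback
# (192.0.2.53 is a documentation address standing in for the ISP).
sample=$(mktemp)
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$sample"
audit_resolv "$sample" && echo "OK: local resolver first, no central resolvers"
rm -f "$sample"
```

A loopback entry only shows that something local answers queries; when that is a stub forwarder such as systemd-resolved, its upstream servers have to be checked separately.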
