> The Tor relays guide in trac makes that recommendation. https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#DNSonExitRelays
the guide has unbound examples but I tried to make clear that it is not the only option: > There are multiple options for DNS server software, unbound has > become a popular one but feel free to use any other you are > comfortable with. When choosing your DNS resolver software try to > ensure it supports DNSSEC validation and QNAME minimisation ( > RFC7816) other popular DNS software like BIND didn't have RFC7816 support for long and I don't know if BIND supports RFC7706 (root zone on loopback) which is also nice to have but not as important as RFC7816. in anyway prio 1 should be reliability, if it fails 100% of queries, it does not matter what kind of software is used or what kind of protocol features are supported and enabled. -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
