On Mon, Jul 18, 2016 at 08:39:02AM +0200, Flipchan wrote: > Hi all ! Im configuring a new debian server > Can anyone recommend a good dns server?
I assume this is for a Tor relay? > i Dont want to use my isp default one, i found one that sounded good > when i read about it uncensoreddns.Org. if anyone know of a better > one let me know :) If you plan to run an exit relay, you should avoid third party resolvers. Google currently gets to see ~35% of all DNS requests coming out of the Tor network. We shouldn't hand any organisation such data on a silver plate. If you don't want to use your ISP's resolver, I recommend setting up your own, local DNS resolver such as unbound. Recent versions of unbound implement qname minimisation, which is a great feature for exit relays as it minimises the exposure to some network-level adversaries. Quoting Peter's quick guide [1] on setting up unbound: On Thu, Jan 08, 2015 at 04:11:09PM +0100, Peter Palfrader wrote: > o apt-get install unbound > o remove all nameserver entries in /etc/resolv.conf and add one for the > local recursor. Either manually or use (untested): > sed -i -e 's/^nameserver /#&/; $a nameserver 127.0.0.1' /etc/resolv.conf > o prevent anything else from modifying that file ever again: > chattr +i /etc/resolv.conf [1] <https://lists.torproject.org/pipermail/tor-relays/2015-January/006147.html> -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
