Great thread! I just use the recommended onces that support dnssec
On May 11, 2018 11:55:39 AM UTC, tor-relays-request@lists.torproject.org wrote:
Send tor-relays mailing list submissions to tor-relays@lists.torproject.org
To subscribe or unsubscribe via the World Wide Web, visit https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays or, via email, send a message with subject or body 'help' to tor-relays-request@lists.torproject.org
You can reach the person managing the list at tor-relays-owner@lists.torproject.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of tor-relays digest..."
Today's Topics:
- lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare) (nusenu)
- Re: lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare) (Tyler Durden)
- Re: lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare) (nusenu)
- PSA regarding Quad9 DNS Resolver (Nathaniel Suchy (Lunorian))
- Re: Strange BGP activity with my node (Johan Nilsson)
- Re: lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare) (Nathaniel Suchy (Lunorian))
Message: 1 Date: Thu, 10 May 2018 22:16:00 +0000 From: nusenu nusenu-lists@riseup.net To: tor-relays@lists.torproject.org Subject: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare) Message-ID: 5e7d99ef-9514-cee4-985f-7f1d4a21dfec@riseup.net Content-Type: text/plain; charset="utf-8"
Dear Exit Relay Operators,
I'd like to invite you to check your exit's DNS resolver by having a look at the following list of exits using resolvers outside their AS (especially if it is Google, OpenDNS, Quad9 or Cloudflare).
You can search the list for you contactinfo, relay nickname or relay fingerprint (first 8 characters):
https://gist.github.com/nusenu/cb766ff7945fafd9f90ee7f211a2508f#file-tor-dns...
I extended the "DNS on Exit Relays" section in the Tor Relay Guide to include specific instructions what is recommended for Tor exit operators with regards to DNS on exit relays.
https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#DNSonExitRelays
If you found yourself on the list above and changed your DNS to a local (same host or same AS) resolver or found a false-positive, please drop me an email (off-list is also ok).
The goal is to be bellow the following thresholds within one year:
- not have any single remoteAS entity control more than 10% exit
capacity
- reduce the overall remoteAS share to bellow 20% exit capacity
the longer version of this can be found at: https://medium.com/@nusenu/who-controls-tors-dns-traffic-a74a7632e8ca
thanks for helping with DNS decentralization on the tor network, nusenu
-- https://mastodon.social/@nusenu twitter: @nusenu_