On 6 Aug 2017, at 02:57, Petrusko petrusko@riseup.net wrote:
On my LAN I'm using Unbound, forwarding all requests to "root servers".
I've read it's not really cool for a high traffic server, to preserve those root servers...? But for home, I think it's perfect.
For an exit, why not using too a dns cache as Igor said, may be less agressive for the root servers ? :
On your node, run dnsmasq with a large (10000) cache as a fast and secure alternative to running a full DNS server. That can prevent some DNS-based timing attacks.
Is it a good idea to use those roots servers ? I'm not 100% sure about requests because of MITM attack, but better than GoogleDNS ?
Using a caching, recursive resolver should be fine. (Then the root servers only answer queries for top-level domains.)
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------