Re: [tor-relays] Looking for a 34C3 Voucher
On 09.10.2017 22:30, Sarah Harvey wrote: > Is there a chance that I could also get a voucher? I have never been to > CCC and would be interested in going. I am out of vouchers currently, but I put you my list. Quite possibly, there won't be any more vouchers though. There are some public sales dates scheduled, and you should try and get one on these dates: https://events.ccc.de/2017/10/03/34c3-tickets-status-and-open-sale/ Please note that it is very unlikely that there will be any tickets left to be sold on site. The previous years it always sold out pretty quickly, with some minutes (!) for each of the announced times. -- Moritz Bartl https://www.torservers.net/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Looking for a 34C3 Voucher
On 2017-10-09 09:10, Moritz Bartl wrote: On 09.10.2017 17:55, Paul wrote: Anybody holding a Voucher for 34C3 in Leipzig at the end of December? https://tickets.events.ccc.de/34c3/docs/? While still running several Exits I would be more than happy to meet others there Will send you one in a separate mail. See you there! Is there a chance that I could also get a voucher? I have never been to CCC and would be interested in going. I currently run a high-bandwidth tor relay (not exit), and have done so since 2014. Thanks. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Looking for a 34C3 Voucher
On 09.10.2017 17:55, Paul wrote: > Anybody holding a Voucher for 34C3 in Leipzig at the end of December? > https://tickets.events.ccc.de/34c3/docs/? > > While still running several Exits I would be more than happy to meet others > there Will send you one in a separate mail. See you there! -- Moritz Bartl https://www.torservers.net/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Looking for a 34C3 Voucher
Anybody holding a Voucher for 34C3 in Leipzig at the end of December? https://tickets.events.ccc.de/34c3/docs/? While still running several Exits I would be more than happy to meet others there Thanks, Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
Hello, On 09.10.2017 06:45, Ralph Seichter wrote: > This time you appear to combine a repetition of your old replies to > several distinct list messages from various authors with a fresh mix of > replies? Sorry, but I have no desire to wade through this just to figure > out which parts I am supposed to answer. I apologize for this. I am having issues with my email provider when I try to send an email to the list. After reading the full conversation again, it appears there was a misunderstanding. You thought dnsmasq was a caching DNS resolver, but it is a caching DNS forwarder [1]. This confused me, but now what you said makes sense. On 09.10.2017 06:45, Ralph Seichter wrote: > As for running a resolver properly: Follow my sound advice or don't. If > you don't, please just let me know your node fingerprints, so I can set > ExcludeExitNodes accordingly. ;-) As you said before, using the ISP resolver is a valid option, and this is why I am going to do it, with the help of dnsmasq or another caching DNS forwarder. Do you maintain your request for my node fingerprints ? Regards [1] https://packages.debian.org/stable/dnsmasq ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] unbound and DNS-over-TLS (dnsmasq configuration for an exit relay (Debian))
El 09/10/17 a las 09:32, Ralph Seichter escribió: > On 08.10.2017 23:05, Santiago R.R. wrote: > > > I would also suggest to use DNS-over-TLS, so (exit) relays could be > > able to encrypt their queries to a privacy-aware DNS resolver [...] > > I like SSL for the resulting cost increase in listening to a connection. AFAIU, some recursive implementations already support TCP fast open (RFC7413) to reduce the cost of opening a connection. They also pipeline to send multiple queries over a single TCP connection. > However, the Unbound documentation states: > > ssl-upstream: Enabled (sic) or disable whether the > upstream queries use SSL only for transport. Default is no. Useful > in tunneling scenarios. > > Do you have any data on the percentage of queries that fail with SSL > *only* because upstream nameservers don't support SSL? I imagine the > majority of servers don't support it (my own authoritative nameservers > among them). No, I don't. And I suppose you're right, the majority of upstream nameservers don't support it. Related RFCs are quite recent, so it's not surprising. My stubby resolver works well, and I don't realize about issues querying external domains. > Also, manually adding forward-zone entries implies trusting specific > servers beyond the regular root zone servers, which rubs me the wrong > way. Yes, indeed. I trust the people running the relays I listed. And there is also DNSSEC, where available. -- Santiago ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] unbound and DNS-over-TLS (dnsmasq configuration for an exit relay (Debian))
On 08.10.2017 23:05, Santiago R.R. wrote: > I would also suggest to use DNS-over-TLS, so (exit) relays could be > able to encrypt their queries to a privacy-aware DNS resolver [...] I like SSL for the resulting cost increase in listening to a connection. However, the Unbound documentation states: ssl-upstream: Enabled (sic) or disable whether the upstream queries use SSL only for transport. Default is no. Useful in tunneling scenarios. Do you have any data on the percentage of queries that fail with SSL *only* because upstream nameservers don't support SSL? I imagine the majority of servers don't support it (my own authoritative nameservers among them). Also, manually adding forward-zone entries implies trusting specific servers beyond the regular root zone servers, which rubs me the wrong way. -Ralph ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays