Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

2018-05-11 Thread Andrew Deason
On Sat, 12 May 2018 04:50:29 + Matthew Finkel wrote: > But isn't that what the subject line says? And the original email > contains: > > > The goal is to be below the following thresholds within one year: > > not have any single remoteAS entity control more than 10% exit capacity > > re

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

2018-05-11 Thread Matthew Finkel
On Fri, May 11, 2018 at 10:54:06PM -0500, Andrew Deason wrote: > On Thu, 10 May 2018 22:37:00 + > Tyler Durden wrote: > > > All our nodes are using a local DNS caching server and only use google > > as a fallback. > > I was also using google just as a fallback; I've now changed my node to >

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

2018-05-11 Thread Andrew Deason
On Thu, 10 May 2018 22:37:00 + Tyler Durden wrote: > All our nodes are using a local DNS caching server and only use google > as a fallback. I was also using google just as a fallback; I've now changed my node to just use a local resolver, with no fallback. Neither the email from nusenu nor

Re: [tor-relays] PSA regarding Quad9 DNS Resolver

2018-05-11 Thread Nathaniel Suchy (Lunorian)
As long as their alternate resolvers do not censor any queries it's (probably) allowed and will (probably) not get you flagged as a bad exit for censoring traffic. On 5/11/18 12:24 PM, nusenu wrote: > > > Toralf Förster: >> On 05/11/2018 01:41 PM, Nathaniel Suchy (Lunorian) wrote: >>> Like OpenD

Re: [tor-relays] PSA regarding Quad9 DNS Resolver

2018-05-11 Thread nusenu
Toralf Förster: > On 05/11/2018 01:41 PM, Nathaniel Suchy (Lunorian) wrote: >> Like OpenDNS, Quad9 is a censoring DNS resolver > Is this true for 9.9.9.10 too ? https://quad9.net/faq/ > Is there a service that Quad9 offers that does not have the blocklist > or other security? > > The primary I

Re: [tor-relays] PSA regarding Quad9 DNS Resolver

2018-05-11 Thread Toralf Förster
On 05/11/2018 01:41 PM, Nathaniel Suchy (Lunorian) wrote: > Like OpenDNS, Quad9 is a censoring DNS resolver Is this true for 9.9.9.10 too ? -- Toralf PGP C4EACDDE 0076E94E

Re: [tor-relays] PSA regarding Quad9 DNS Resolver

2018-05-11 Thread Matthew Finkel
On Fri, May 11, 2018 at 07:41:45AM -0400, Nathaniel Suchy (Lunorian) wrote: > Like OpenDNS, Quad9 is a censoring DNS resolver and exits using it are / > should be considered bad exits. I haven’t seen any exits using it yet however > I thought I’d bring it up. Thoughts? Yes, but nusenu's email is

Re: [tor-relays] tor-relays Digest, Vol 88, Issue 13

2018-05-11 Thread flipchan
(Google, Level3, OpenDNS, Quad9, Cloudflare) >Tyler Durden: >> All our nodes are using a local DNS caching server and only use google >>

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

2018-05-11 Thread Nathaniel Suchy (Lunorian)
You have a very good point - we could all run our own resolver(s) with a fallback. This idea sounds much better than just reassigning trust. On 5/11/18 8:52 AM, Ralph Seichter wrote: > On 11.05.18 13:55, Nathaniel Suchy (Lunorian) wrote: > >> My first thought is to use ISP DNS if it’s available -

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

2018-05-11 Thread Alexander Dietrich
On 2018-05-11 14:52, Ralph Seichter wrote: Assuming you can install whatever software you like, I recommend running your own instance of Unbound on your exit node machines. Current Unbound versions support DNSSEC validation, QNAME minimisation, etc. While using your ISP's resolvers works as a

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

2018-05-11 Thread Ralph Seichter
On 11.05.18 13:55, Nathaniel Suchy (Lunorian) wrote: > My first thought is to use ISP DNS if it’s available - one of the best > things about Tor is the split of trust so why aren’t we doing that > with DNS? Another alternative is to use trusted recursive DNSCrypt > Resolvers (for example dnscrypt.

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

2018-05-11 Thread Nathaniel Suchy (Lunorian)
I dislike OpenNIC as they are operating their own TLDs - this would end up being confusing as some Tor Exits would allow access to OpenNIC TLDs and others would not. On 5/11/18 8:18 AM, Famicoman wrote: > OpenNIC is always an option, https://www.opennic.org > > On Fri, May 11, 2018, 8:12 AM Tyler

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

2018-05-11 Thread Famicoman
OpenNIC is always an option, https://www.opennic.org On Fri, May 11, 2018, 8:12 AM Tyler Durden wrote: > Ah well I should look more into the services of EDRi members :D > > In this case I will give it a try as a fallback instead of google and we > will see how it performs. > > > Greetings > > Am

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

2018-05-11 Thread Tyler Durden
Ah well I should look more into the services of EDRi members :D In this case I will give it a try as a fallback instead of google and we will see how it performs. Greetings Am 11. Mai 2018 14:04:37 MESZ schrieb Christian Pietsch : >Hi Tyler, >hi all, > >On Thu, May 10, 2018 at 10:37:00PM +000

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

2018-05-11 Thread Christian Pietsch
Hi Tyler, hi all, On Thu, May 10, 2018 at 10:37:00PM +, Tyler Durden wrote: > The situation is very unlikely to change unless there is a major player > on "our side" which offers a free, censorship-free, resilient and stable > DNS Service. You are welcome to use our free, censorship-free, res

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

2018-05-11 Thread Nathaniel Suchy (Lunorian)
I’m quite worried about the number of relays using Google DNS. With Google DNS, Google gets to know a Tor exit proxied X website at X time. I don’t think they can be trusted with this information. As for privacy concerns: Google claims these logs are only stored for up to 48 hours. It worries

Re: [tor-relays] Strange BGP activity with my node

2018-05-11 Thread Johan Nilsson
> Your prefix: 204.17.32.0/19 : > > Prefix Description: GBLX-US-BGP Update time: 2018-05-09 > > 12:11 (UTC) Detected by #peers: 1 Detected prefix: > > 204.17.56.42/32 Announced by: > > AS25 (Asavie Technologies Limited) Upstr

[tor-relays] PSA regarding Quad9 DNS Resolver

2018-05-11 Thread Nathaniel Suchy (Lunorian)
Like OpenDNS, Quad9 is a censoring DNS resolver and exits using it are / should be considered bad exits. I haven’t seen any exits using it yet however I thought I’d bring it up. Thoughts? Cheers, Nathaniel

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

2018-05-11 Thread nusenu
Tyler Durden: > All our nodes are using a local DNS caching server and only use google > as a fallback. > The situation is very unlikely to change unless there is a major player > on "our side" which offers a free, censorship-free, resilient and stable > DNS Service. can you describe your (hard)