Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

2018-04-15 Thread Jonathan Sélea
Great initiative! Personally I would also see some sort of "DANE" for Tor-relays in the future too, but that is a request for another thread.

/ Jonathan

> On 12.04.18 13:05, Alexander Dietrich wrote:
>
>> Just to be safe, you could also check the rest of the dig output and
>> /etc/resolv.conf (or

Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

2018-04-12 Thread Ralph Seichter
On 12.04.18 13:05, Alexander Dietrich wrote:
> Just to be safe, you could also check the rest of the dig output and
> /etc/resolv.conf (or relevant resolver configuration on your system)
> to make sure your BIND is being used.

I have seen hosters where /etc/resolv.conf is overwritten whenever

Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

2018-04-12 Thread nusenu
Dhalgren Tor:
> Respectfully, I disagree.
> https://lists.torproject.org/pipermail/tor-relays/2015-October/007904.html wrote:
> Spent a few minutes activating the DNSSEC trust-anchor for 'unbound'.
>
> Ran 'dig' on a few signed domains and observed that queries that took
> under 50

Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

2018-04-12 Thread nusenu
as a quick and easy test you can always try to resolve a hostname with known invalid DNSSEC records: www.dnssec-failed.org

--
https://mastodon.social/@nusenu
twitter: @nusenu_

Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

2018-04-12 Thread Paul Templeton
Thanx Alexander

> Just to be safe, you could also check the rest of the dig output and
> /etc/resolv.conf (or relevant resolver configuration on your system) to
> make sure your BIND is being used. The flags look fine, though.

resolv.conf only has 127.0.0.1 and Dig responds from 127.0.0.1 -

Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

2018-04-12 Thread Alexander Dietrich
On 2018-04-11 04:10, Paul Templeton wrote:
> When I do a dig +dnssec . | grep ";; flags:" I get
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
> this looks as if it's working.

Just to be safe, you could also check the rest of the dig output and /etc/resolv.conf (or

Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

2018-04-10 Thread Paul Templeton
Hi All,

Is there anyone who uses Bind9? I'll set up DNSSEC on all Exits but I would like to validate the config. I have done this on 41781FDC57238DAB955DF6D6E8400CEC5ACBE706

options { directory "/var/cache/bind"; dnssec-enable yes; dnssec-validation yes;

Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

2018-04-10 Thread Dhalgren Tor
Respectfully, I disagree.

https://lists.torproject.org/pipermail/tor-relays/2015-October/007904.html

Thank you for the thought however.

Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

2018-04-10 Thread teor
Hi,

Please consider using BCC next time you remove obfuscation from people's emails, and then send out a mass email.

T

Re: [tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

2018-04-10 Thread Ralph Seichter
On 09.04.18 13:10, nusenu wrote:
> I recommend a local caching unbound (https://unbound.net/) DNS
> resolver without using an upstream DNS forwarder.

No forwarders indeed. Additionally, I recommend the following settings in the unbound.conf of Tor exits:

# Disable logging.
log-queries: no

[tor-relays] Let's increase the amount of exit relays doing DNSSEC validation

2018-04-10 Thread nusenu
Dear Tor Exit Relay Operator,

thanks for operating tor exit relays! In addition to forwarding packets exit relays also do DNS hostname resolution on behalf of tor clients. DNSSEC [1] is a standard that allows DNS clients to validate the authenticity of DNS records (if the domain owner chooses to