Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-18 Thread Toralf Förster 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 10/17/2016 07:40 PM, Toralf Förster wrote:
> but from the mentioned PDF I got the impression to just use the ISP
> nameservers + a local cache - which I'm trying now.

Which was not the best idea:

$ dig www.heise.de +trace

; <<>> DiG 9.10.4-P3 <<>> www.heise.de +trace
;; global options: +cmd
;; connection timed out; no servers could be reached


Adding external DNS name server solved that.

- -- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlgGPtcXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U4PTgD7B/4JkwIqnwmcLNe6k/psZdZDfxpSe7dIooer+ySH6FoBAITyxUdiDmTk
lHO7gm7XWyISde0B73NXHLfJlihKquPE
=T+TF
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread teor 

> On 18 Oct. 2016, at 13:25, Jesse V  wrote:
> 
> On 10/17/2016 12:34 PM, Hoshpak wrote:
>>> # chattr +i /etc/resolv.conf
>>> 
>>> Exact it works fine :)
>> 
>> Please only do this if your are sure your server is not running in a
>> Virtuozzo/OpenVZ container environment. On Virtuozzo, the startup
>> procedure includes scripts that rewrite resolv.conf and fail if they
>> can't write to it. In these cases you could be left with an unbootable
>> container and have to raise a support ticket with your ISP to make them
>> "fix" the issue by removing the immutable bit and starting the container
>> again.
> 
> Thank you very much for that tip. Cronjob is probably the way to go then.

Configuring tor with a separate ServerDNSResolvConfFile may be more
reliable, and would avoid race conditions.

Of course, that doesn't change the resolver for the rest of your system.

Tim

> 
> -- 
> Jesse
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
--







___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Jesse V 
On 10/17/2016 12:34 PM, Hoshpak wrote:
>> # chattr +i /etc/resolv.conf
>>
>> Exact it works fine :)
> 
> Please only do this if your are sure your server is not running in a
> Virtuozzo/OpenVZ container environment. On Virtuozzo, the startup
> procedure includes scripts that rewrite resolv.conf and fail if they
> can't write to it. In these cases you could be left with an unbootable
> container and have to raise a support ticket with your ISP to make them
> "fix" the issue by removing the immutable bit and starting the container
> again.

Thank you very much for that tip. Cronjob is probably the way to go then.

-- 
Jesse



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Toralf Förster 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 10/17/2016 07:00 PM, pa011 wrote:
> What servers do I put in /etc/dnsmasq.conf to get this solved best?
Currently I do just use nameservers from my ISP (Hetzner) :

mr-fox ~ # grep ^server /etc/dnsmasq.conf
server=2a01:4f8:0:a0a1::add:1010
server=2a01:4f8:0:a102::add:
server=2a01:4f8:0:a111::add:9898
server=213.133.98.98
server=213.133.99.99
server=213.133.100.100

before (till yesterday) I had these too :

#server=194.150.168.168
#server=84.200.69.80
#server=84.200.70.40
#server=81.3.27.54
#server=5.153.48.164

but from the mentioned PDF I got the impression to just use the ISP nameservers 
+ a local cache - which I'm trying now.

BTW The advantage of dnsmasq is to use more than 3 nameservers.

And this is the command I do use to check dnsmasq:

pkill -USR1 dnsmasq; sleep 1; tail -n 20 /var/log/syslog | grep -A 100 
'dnsmasq.*: time'

- -- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlgFDRsXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U5CmAD9H7ZD8oNsHw5YDpJ+6aDFwm01liWSe6i2Wva7f5CYQ5sBAIV7r8w2wzl1
LgQ8OcIxw5Ar0ZSouPag6rL/oftONKlM
=DCc1
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread pa011 
These errors do only get up when starting "apt-get update" 
not when "dig ftp.de.debian.org" - this gets solved well.



Am 17.10.2016 um 19:00 schrieb pa011:
> Thank you Toralf for you instructions and kick again.
> 
> 
> Following those 
> 
>> [2] https://zwiebeltoralf.de/torserver.html
> 
> instruction do work but leave me with several unresolved queries:
> 
> »deb.torproject.org«
> »archive.ubuntu.com«
> »security.debian.org«
> »ftp.de.debian.org«
> 
> and a few more. What servers do I put in /etc/dnsmasq.conf to get this solved 
> best?
> 
> Thanks 
> Paul
>   
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread pa011 
Thank you Toralf for you instructions and kick again.


Following those 

> [2] https://zwiebeltoralf.de/torserver.html

instruction do work but leave me with several unresolved queries:

»deb.torproject.org«
»archive.ubuntu.com«
»security.debian.org«
»ftp.de.debian.org«

and a few more. What servers do I put in /etc/dnsmasq.conf to get this solved 
best?

Thanks 
Paul
  
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Hoshpak 

Am 17.10.2016 um 13:52 schrieb Petrusko:

# chattr +i /etc/resolv.conf

Exact it works fine :)


Please only do this if your are sure your server is not running in a 
Virtuozzo/OpenVZ container environment. On Virtuozzo, the startup 
procedure includes scripts that rewrite resolv.conf and fail if they 
can't write to it. In these cases you could be left with an unbootable 
container and have to raise a support ticket with your ISP to make them 
"fix" the issue by removing the immutable bit and starting the container 
again.


In these cases it would be better to have an init script, cron job or 
configuration management system overwrite resolv.conf with the values 
you want.


Regards,
Helmut

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Petrusko 
# chattr +i /etc/resolv.conf

Exact it works fine :)


Le 17/10/2016 à 09:49, Peter Palfrader a écrit :
> On Sun, 16 Oct 2016, Jesse V wrote:
>
>> The dnscrypt repository on Github has a list of public DNS servers. I
>> point my Unbound instance at one of them
> Your unbound should probably just be recursive itself instead of relying
> on open 3rd party nameservers.
>
> (As for /etc/resolv.conf, I usually just put nameserver 127.0.0.1 in
> there and chattr +i the file so it doesn't get munged by whatever magic
> is current this year.)

-- 
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5




signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Peter Palfrader 
On Sun, 16 Oct 2016, Jesse V wrote:

> The dnscrypt repository on Github has a list of public DNS servers. I
> point my Unbound instance at one of them

Your unbound should probably just be recursive itself instead of relying
on open 3rd party nameservers.

(As for /etc/resolv.conf, I usually just put nameserver 127.0.0.1 in
there and chattr +i the file so it doesn't get munged by whatever magic
is current this year.)
-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Toralf Förster 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 10/17/2016 04:37 AM, Jesse V wrote:
> Consequently, I have to keep an eye on /etc/resolv.conf to ensure
> that it always points to my Unbound instance. I take immediate
> action if this is not the case.
Shouldn't /etc/resolv.conf.{head,tail} automate this ?

- -- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlgEgdwXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U7/5wD+NXFjWDMNzKDMd1qkNU6gmKDej/z12+4GZo3OrM7+8fQA/iq/oJG4DALa
dyyJmyuNXHruITe1PV5pPih6M5KbM4rH
=pB/i
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread teor 

> On 17 Oct 2016, at 13:37, Jesse V  wrote:
> 
> On 10/16/2016 04:54 PM, Petrusko wrote:
>> Thx for this share.
>> 
>> But I'm not sure how Unbound is "speaking" with the roots DNS servers...
>> Somewhere I've read that DNS queries can be forwarded by a "man in the
>> middle", and the server operator can't be sure about this :s
>> An ISP is able to do it with your "private server" hosted behind your
>> ISP's router...
>> 
>> I see DNSsec to crypt DNS queries from a client to a server, but for
>> sure it's not possible to use it with roots DNS servers...
> 
> My VPS host uses 8.8.8.8 for DNS by default. I think it's configured in
> their DHCP settings or something because 8.8.8.8 will end up in
> /etc/resolv.conf every time the VPS restarts. Consequently, I have to
> keep an eye on /etc/resolv.conf to ensure that it always points to my
> Unbound instance. I take immediate action if this is not the case.

You might find ServerDNSResolvConfFile useful if you want to avoid using
the default system resolver file /etc/resolv.conf

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
--









signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Jesse V 
On 10/16/2016 04:54 PM, Petrusko wrote:
> Thx for this share.
> 
> But I'm not sure how Unbound is "speaking" with the roots DNS servers...
> Somewhere I've read that DNS queries can be forwarded by a "man in the
> middle", and the server operator can't be sure about this :s
> An ISP is able to do it with your "private server" hosted behind your
> ISP's router...
> 
> I see DNSsec to crypt DNS queries from a client to a server, but for
> sure it's not possible to use it with roots DNS servers...

My VPS host uses 8.8.8.8 for DNS by default. I think it's configured in
their DHCP settings or something because 8.8.8.8 will end up in
/etc/resolv.conf every time the VPS restarts. Consequently, I have to
keep an eye on /etc/resolv.conf to ensure that it always points to my
Unbound instance. I take immediate action if this is not the case.

The dnscrypt repository on Github has a list of public DNS servers. I
point my Unbound instance at one of them and I give Unbound as much RAM
as I can to ensure that it caches as much as possible. In this way, I
can reduce the frequency of lookups to external server. I have had
limited success with DNSSEC. I eventually had to disable it because too
many requests were failing (including torproject.org) and I was not able
to correct the issue. DNSCrypt works just fine though if you can find a
server that supports it.

-- 
Jesse



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Petrusko 
Thx for this share.

But I'm not sure how Unbound is "speaking" with the roots DNS servers...
Somewhere I've read that DNS queries can be forwarded by a "man in the
middle", and the server operator can't be sure about this :s
An ISP is able to do it with your "private server" hosted behind your
ISP's router...

I see DNSsec to crypt DNS queries from a client to a server, but for
sure it's not possible to use it with roots DNS servers...



16/10/2016 22:02, Tristan :
> TL;DR, if I understand how Tor relays work, Unbound (or any local DNS
> server) should see a request for example.com 
> coming from localhost or 127.0.0.1. It answers the request, stores it
> in cache just in case, rinse and repeat. The machine running the exit
> relay is the one that makes the DNS request, so the only thing you'd
> get from looking at the DNS cache would be a "Top 100 Websites This
> Tor Relay Visits" sort of list.
>
> From what I could find, a DNS cache contains the hostname and its
> associated IP address, nothing more. From what I understand, even if a
> DNS cache saved the source of the request, it should save "127.0.0.1"
> or "localhost" as the source, since exit nodes are the source of the
> request, and simply forward the response back to the client.
>
> I couldn't find anything specific about Unbound, but it seems like
> there isn't a proper way to read the DNS cache anyway unless you can
> somehow decode the binary file. I suppose if you know the specific
> cache file, you could copy it to a different machine with Unbound
> installed, and possibly extract data from that, but this theory
> assumes the cache is saved to the hard drive, and it's probably only
> stored in RAM.

-- 
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5




signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tristan 
TL;DR, if I understand how Tor relays work, Unbound (or any local DNS
server) should see a request for example.com coming from localhost or
127.0.0.1. It answers the request, stores it in cache just in case, rinse
and repeat. The machine running the exit relay is the one that makes the
DNS request, so the only thing you'd get from looking at the DNS cache
would be a "Top 100 Websites This Tor Relay Visits" sort of list.

>From what I could find, a DNS cache contains the hostname and its
associated IP address, nothing more. From what I understand, even if a DNS
cache saved the source of the request, it should save "127.0.0.1" or
"localhost" as the source, since exit nodes are the source of the request,
and simply forward the response back to the client.

I couldn't find anything specific about Unbound, but it seems like there
isn't a proper way to read the DNS cache anyway unless you can somehow
decode the binary file. I suppose if you know the specific cache file, you
could copy it to a different machine with Unbound installed, and possibly
extract data from that, but this theory assumes the cache is saved to the
hard drive, and it's probably only stored in RAM.

On Sun, Oct 16, 2016 at 2:33 PM, Petrusko  wrote:

> Is there a way to know "who" has made this DNS query by reading the cache ?
> May be you can know there are 30 people have looked for google.com
> during the last 5 minutes, but "who" has made those DNS queries looks
> like difficult ? (I'm not an expert on hacking :p )
>
>
> 16/10/2016 21:28, Tristan :
> > Unbound does cache DNS entries, but there was also serious discussion
> > about whether or not the cache is a privacy risk/anonymity leak, but I
> > feel it's worth the trade-off since public DNS servers do the same thing.
>
> --
> Petrusko
> PubKey EBE23AE5
> C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>


-- 
Finding information, passing it along. ~SuperSluether
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Petrusko 
Is there a way to know "who" has made this DNS query by reading the cache ?
May be you can know there are 30 people have looked for google.com
during the last 5 minutes, but "who" has made those DNS queries looks
like difficult ? (I'm not an expert on hacking :p )


16/10/2016 21:28, Tristan :
> Unbound does cache DNS entries, but there was also serious discussion
> about whether or not the cache is a privacy risk/anonymity leak, but I
> feel it's worth the trade-off since public DNS servers do the same thing.

-- 
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5




signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tristan 
Unbound does cache DNS entries, but there was also serious discussion about
whether or not the cache is a privacy risk/anonymity leak, but I feel it's
worth the trade-off since public DNS servers do the same thing.

On Sun, Oct 16, 2016 at 2:23 PM, Petrusko  wrote:

> Humm, I've not checked on the torproject website, tuto how to build a
> relay/exit...
> It can be nice to link a tutorial : how to set up quickly and easily a
> DNS resolver to increase privacy ?
>
> May be exit operators can understand it's not really a big job to
> apt-get install unbound (an example)
> and use root DNS servers.
> I've always read using root DNS is not very good for speed... but if I'm
> not wrong Unbound (and others) have a cache ?
>
>
>
> 16/10/2016 12:52, Toralf Förster :
> > Adding different nameserver= lines to /etc/resolv.conf than 8.8.8.8
> > shouldn't be a big thing, or ?
> --
> Petrusko
> PubKey EBE23AE5
> C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>


-- 
Finding information, passing it along. ~SuperSluether
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Petrusko 
Humm, I've not checked on the torproject website, tuto how to build a
relay/exit...
It can be nice to link a tutorial : how to set up quickly and easily a
DNS resolver to increase privacy ?

May be exit operators can understand it's not really a big job to
apt-get install unbound (an example)
and use root DNS servers.
I've always read using root DNS is not very good for speed... but if I'm
not wrong Unbound (and others) have a cache ?



16/10/2016 12:52, Toralf Förster :
> Adding different nameserver= lines to /etc/resolv.conf than 8.8.8.8
> shouldn't be a big thing, or ?
-- 
Petrusko
PubKey EBE23AE5
C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5




signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tristan 
Maybe Tor could at least warn you when you're not using a local resolver?

On Oct 16, 2016 7:50 AM, "Ralph Seichter"  wrote:

> On 16.10.16 14:33, Tom van der Woerdt wrote:
>
> > Why doesn't Tor just link with a dns recursor, instead of relying on
> > the user to get the configuration right?
>
> It is not Tor's job to meddle with resolving DNS entries, and the notion
> of "getting it right" varies. Asking Tor operators to think about their
> resolvers is one thing, but interfering is quite a different story.
>
> -Ralph
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Ralph Seichter 
On 16.10.16 14:52, Tom van der Woerdt wrote:

> If it affects the anonymity of users, it's Tor's job, no?

Tor cannot know what the "correct" resolver configuration is, because
this depends on requirements/limitations of local infrastructure. Using
public resolvers like 8.8.8.8 might be plain laziness, or because that's
the only resolver a firewall will allow connections to.

That's just one of the reasons DNS resolving is delegated to a dedicated
service in the first place.

-Ralph
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tom van der Woerdt 
Op 16/10/16 om 14:50 schreef Ralph Seichter:
> On 16.10.16 14:33, Tom van der Woerdt wrote:
> 
>> Why doesn't Tor just link with a dns recursor, instead of relying on
>> the user to get the configuration right?
> 
> It is not Tor's job to meddle with resolving DNS entries, and the notion
> of "getting it right" varies. Asking Tor operators to think about their
> resolvers is one thing, but interfering is quite a different story.
> 
> -Ralph

If it affects the anonymity of users, it's Tor's job, no?

Tom
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Ralph Seichter 
On 16.10.16 14:33, Tom van der Woerdt wrote:

> Why doesn't Tor just link with a dns recursor, instead of relying on
> the user to get the configuration right?

It is not Tor's job to meddle with resolving DNS entries, and the notion
of "getting it right" varies. Asking Tor operators to think about their
resolvers is one thing, but interfering is quite a different story.

-Ralph
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tristan 
It's not technically required when setting up Tor, so I think a lot of
people just forget about it. When I set up an exit relay, I knew I was
supposed to run a local DNS server, but I completely forgot to install it
until about a month later when the topic appeared in this list.

The other problem is that Google DNS is almost always used by default in
many VPS providers. I suppose it's cheaper when they don't have to provide
their own servers.

On Sun, Oct 16, 2016 at 5:52 AM, Toralf Förster 
wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Reading [1] I do wonder about that.
> Why do Tor exit relay operators avoid installing a local resolver - or at
> least simple a cache as shown in [2] ?
> Adding different nameserver= lines to /etc/resolv.conf than 8.8.8.8
> shouldn't be a big thing, or ?
>
> [1] https://nymity.ch/tor-dns/tor-dns.pdf
> [2] https://zwiebeltoralf.de/torserver.html
>
> - --
> Toralf
> PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
> -BEGIN PGP SIGNATURE-
>
> iHYEAREIAB4FAlgDW9QXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
> 6U7l0AD9GolbdbnFmmDVACsdosxGC+bkD7czticuu0jTSQ5ObhYA/3aq74/N23bp
> D0mOLzfUmmDpiI2KXOSLvG/n8vrAgYlV
> =y46I
> -END PGP SIGNATURE-
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>



-- 
Finding information, passing it along. ~SuperSluether
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tom van der Woerdt 
Why doesn't Tor just link with a dns recursor, instead of relying on the
user to get the configuration right?

Tom


Op 16/10/16 om 12:52 schreef Toralf Förster:
> Reading [1] I do wonder about that.
> Why do Tor exit relay operators avoid installing a local resolver - or at 
> least simple a cache as shown in [2] ?
> Adding different nameserver= lines to /etc/resolv.conf than 8.8.8.8 shouldn't 
> be a big thing, or ?
> 
> [1] https://nymity.ch/tor-dns/tor-dns.pdf
> [2] https://zwiebeltoralf.de/torserver.html
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Toralf Förster 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Reading [1] I do wonder about that.
Why do Tor exit relay operators avoid installing a local resolver - or at least 
simple a cache as shown in [2] ?
Adding different nameserver= lines to /etc/resolv.conf than 8.8.8.8 shouldn't 
be a big thing, or ?

[1] https://nymity.ch/tor-dns/tor-dns.pdf 
[2] https://zwiebeltoralf.de/torserver.html

- -- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
-BEGIN PGP SIGNATURE-

iHYEAREIAB4FAlgDW9QXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
6U7l0AD9GolbdbnFmmDVACsdosxGC+bkD7czticuu0jTSQ5ObhYA/3aq74/N23bp
D0mOLzfUmmDpiI2KXOSLvG/n8vrAgYlV
=y46I
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays