Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-18 Thread Toralf Förster
On 10/17/2016 07:40 PM, Toralf Förster wrote:
> but from the mentioned PDF I got the impression to just use the ISP
> nameservers + a local cache - which I'm trying now.
Which was not the best idea:
$ dig www.heise.de +trace
; <<>> DiG 9.10.4-P3 <

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread teor
> On 18 Oct. 2016, at 13:25, Jesse V wrote:
>
> On 10/17/2016 12:34 PM, Hoshpak wrote:
>>> # chattr +i /etc/resolv.conf
>>>
>>> Exact it works fine :)
>>
>> Please only do this if you are sure your server is not running in a
>> Virtuozzo/OpenVZ container environment. On Virtuozzo, the startup

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Jesse V
On 10/17/2016 12:34 PM, Hoshpak wrote:
>> # chattr +i /etc/resolv.conf
>>
>> Exact it works fine :)
>
> Please only do this if you are sure your server is not running in a
> Virtuozzo/OpenVZ container environment. On Virtuozzo, the startup
> procedure includes scripts that rewrite resolv.conf and

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Toralf Förster
On 10/17/2016 07:00 PM, pa011 wrote:
> What servers do I put in /etc/dnsmasq.conf to get this solved best?
Currently I do just use nameservers from my ISP (Hetzner) :
mr-fox ~ # grep ^server /etc/dnsmasq.conf
server=2a01:4f8:0:a0a1::add:1010
server=

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread pa011
These errors do only get up when starting "apt-get update" not when "dig ftp.de.debian.org" - this gets solved well.
On 17.10.2016 at 19:00, pa011 wrote:
> Thank you Toralf for your instructions and kick again.
>
>
> Following those
>
>> [2] https://zwiebeltoralf.de/torserver.html
>
> inst

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread pa011
Thank you Toralf for your instructions and kick again. Following those
> [2] https://zwiebeltoralf.de/torserver.html
instructions do work but leave me with several unresolved queries: »deb.torproject.org« »archive.ubuntu.com« »security.debian.org« »ftp.de.debian.org« and a few more. What serve

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Hoshpak
On 17.10.2016 at 13:52, Petrusko wrote:
> # chattr +i /etc/resolv.conf
>
> Exact it works fine :)
Please only do this if you are sure your server is not running in a Virtuozzo/OpenVZ container environment. On Virtuozzo, the startup procedure includes scripts that rewrite resolv.conf and fail if

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Petrusko
# chattr +i /etc/resolv.conf
Exact it works fine :)
On 17/10/2016 at 09:49, Peter Palfrader wrote:
> On Sun, 16 Oct 2016, Jesse V wrote:
>
>> The dnscrypt repository on Github has a list of public DNS servers. I
>> point my Unbound instance at one of them
> Your unbound should probably just be

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Peter Palfrader
On Sun, 16 Oct 2016, Jesse V wrote:
> The dnscrypt repository on Github has a list of public DNS servers. I
> point my Unbound instance at one of them
Your unbound should probably just be recursive itself instead of relying on open 3rd party nameservers. (As for /etc/resolv.conf, I usually just

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-17 Thread Toralf Förster
On 10/17/2016 04:37 AM, Jesse V wrote:
> Consequently, I have to keep an eye on /etc/resolv.conf to ensure
> that it always points to my Unbound instance. I take immediate
> action if this is not the case.
Shouldn't /etc/resolv.conf.{head,tail} autom

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread teor
> On 17 Oct 2016, at 13:37, Jesse V wrote:
>
> On 10/16/2016 04:54 PM, Petrusko wrote:
>> Thx for this share.
>>
>> But I'm not sure how Unbound is "speaking" with the roots DNS servers...
>> Somewhere I've read that DNS queries can be forwarded by a "man in the
>> middle", and the server opera

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Jesse V
On 10/16/2016 04:54 PM, Petrusko wrote:
> Thx for this share.
>
> But I'm not sure how Unbound is "speaking" with the roots DNS servers...
> Somewhere I've read that DNS queries can be forwarded by a "man in the
> middle", and the server operator can't be sure about this :s
> An ISP is able to do

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Petrusko
Thx for this share. But I'm not sure how Unbound is "speaking" with the roots DNS servers... Somewhere I've read that DNS queries can be forwarded by a "man in the middle", and the server operator can't be sure about this :s An ISP is able to do it with your "private server" hosted behind your ISP

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tristan
TL;DR, if I understand how Tor relays work, Unbound (or any local DNS server) should see a request for example.com coming from localhost or 127.0.0.1. It answers the request, stores it in cache just in case, rinse and repeat. The machine running the exit relay is the one that makes the DNS request,

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Petrusko
Is there a way to know "who" has made this DNS query by reading the cache ? Maybe you can know there are 30 people have looked for google.com during the last 5 minutes, but "who" has made those DNS queries looks like difficult ? (I'm not an expert on hacking :p )
16/10/2016 21:28, Tristan :
> Un

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tristan
Unbound does cache DNS entries, but there was also serious discussion about whether or not the cache is a privacy risk/anonymity leak, but I feel it's worth the trade-off since public DNS servers do the same thing.
On Sun, Oct 16, 2016 at 2:23 PM, Petrusko wrote:
> Humm, I've not checked on the

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Petrusko
Humm, I've not checked on the torproject website, tuto how to build a relay/exit... It can be nice to link a tutorial : how to set up quickly and easily a DNS resolver to increase privacy ? Maybe exit operators can understand it's not really a big job to apt-get install unbound (an example) and u

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tristan
Maybe Tor could at least warn you when you're not using a local resolver?
On Oct 16, 2016 7:50 AM, "Ralph Seichter" wrote:
> On 16.10.16 14:33, Tom van der Woerdt wrote:
>
> > Why doesn't Tor just link with a dns recursor, instead of relying on
> > the user to get the configuration right?
>
> It

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Ralph Seichter
On 16.10.16 14:52, Tom van der Woerdt wrote:
> If it affects the anonymity of users, it's Tor's job, no?
Tor cannot know what the "correct" resolver configuration is, because this depends on requirements/limitations of local infrastructure. Using public resolvers like 8.8.8.8 might be plain lazin

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tom van der Woerdt
On 16/10/16 at 14:50, Ralph Seichter wrote:
> On 16.10.16 14:33, Tom van der Woerdt wrote:
>
>> Why doesn't Tor just link with a dns recursor, instead of relying on
>> the user to get the configuration right?
>
> It is not Tor's job to meddle with resolving DNS entries, and the notion
> of "gett

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Ralph Seichter
On 16.10.16 14:33, Tom van der Woerdt wrote:
> Why doesn't Tor just link with a dns recursor, instead of relying on
> the user to get the configuration right?
It is not Tor's job to meddle with resolving DNS entries, and the notion of "getting it right" varies. Asking Tor operators to think about

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tristan
It's not technically required when setting up Tor, so I think a lot of people just forget about it. When I set up an exit relay, I knew I was supposed to run a local DNS server, but I completely forgot to install it until about a month later when the topic appeared in this list. The other problem

Re: [tor-relays] Why do 40% of Tor exits uses 8.8.8.8 for DNS resolving ?

2016-10-16 Thread Tom van der Woerdt
Why doesn't Tor just link with a dns recursor, instead of relying on the user to get the configuration right?
Tom
On 16/10/16 at 12:52, Toralf Förster wrote:
> Reading [1] I do wonder about that.
> Why do Tor exit relay operators avoid installing a local resolver - or at
> least simple a cache