> On 6 Aug 2017, at 02:57, Petrusko <petru...@riseup.net> wrote:
> On my LAN I'm using Unbound, forwarding all requests to "root servers".
> I've read it's not really cool for a high traffic server, to preserve
> those root servers...?
> But for home, I think it's perfect.
> For an exit, why not using too a dns cache as Igor said, may be less
> agressive for the root servers ? :
>    On your node, run dnsmasq with a large (10000) cache as a fast and
>    secure alternative to running a full DNS server. That can prevent some
>    DNS-based timing attacks.
> Is it a good idea to use those roots servers ?
> I'm not 100% sure about requests because of MITM attack, but better than
> GoogleDNS ?

Using a caching, recursive resolver should be fine.
(Then the root servers only answer queries for top-level domains.)


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
xmpp: teor at torproject dot org

Attachment: signature.asc
Description: Message signed with OpenPGP

tor-relays mailing list

Reply via email to