On 09.04.18 13:10, nusenu wrote:

> I recommend a local caching unbound (https://unbound.net/) DNS
> resolver without using an upstream DNS forwarder.

No forwarders indeed. Additionally, I recommend the following settings
in the unbound.conf of Tor exits:

  # Disable logging.
  log-queries: no
  log-replies: no

  # Sent minimum amount of information to upstream servers to enhance
  # privacy. Only sent minimum required labels of the QNAME and set
  # QTYPE to NS when possible.
  qname-minimisation: yes

  # If yes, Unbound doesn't insert authority/additional sections
  # into response messages when those sections are not required.
  minimal-responses: yes

Logging might be disabled as a default depending on how your Unbound was
built, but I like to make certain.

-Ralph

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Reply via email to