On 09.04.18 13:10, nusenu wrote: > I recommend a local caching unbound (https://unbound.net/) DNS > resolver without using an upstream DNS forwarder.
No forwarders indeed. Additionally, I recommend the following settings in the unbound.conf of Tor exits: # Disable logging. log-queries: no log-replies: no # Sent minimum amount of information to upstream servers to enhance # privacy. Only sent minimum required labels of the QNAME and set # QTYPE to NS when possible. qname-minimisation: yes # If yes, Unbound doesn't insert authority/additional sections # into response messages when those sections are not required. minimal-responses: yes Logging might be disabled as a default depending on how your Unbound was built, but I like to make certain. -Ralph _______________________________________________ tor-relays mailing list email@example.com https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays