Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-20 Thread Jesse V
On 12/20/2015 03:04 PM, spaceman wrote: > Hi, > > Although I cannot say how secure this configuration is but you can run > this kind of setup client side as well. So: > > Bind --> DNSCrypt Proxy --> Tor --> DNSCrypt Compatible Server You can do this, but Tor doesn't support all types of DNS

Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-20 Thread Jesse V
On 12/20/2015 03:47 PM, Green Dream wrote: >> Weasel and velope on #tor-project suggested that I remove DNSCrypt >> entirely and let Unbound be a recursive resolver against the root DNS >> servers, which I have now done. > > Jesse would you mind sharing how you configured this? Certainly. My

Re: [tor-relays] Allow user to provide feedback?

2015-12-20 Thread Green Dream
Typically users are routed through multiple relays (guard, middle and exit), so the proposed feedback would really be a generic "this circuit is slow" signal, which doesn't help narrow down the problematic relay. ___ tor-relays mailing list

Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-20 Thread spaceman
Hi, Although I cannot say how secure this configuration is but you can run this kind of setup client side as well. So: Bind --> DNSCrypt Proxy --> Tor --> DNSCrypt Compatible Server The secret here is to force DNSCrypt to run over TCP only which can then be redirected through a Tor

Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-20 Thread Jesse V
On 12/20/2015 04:11 PM, Jesse V wrote: > On 12/20/2015 03:47 PM, Green Dream wrote: >>> Weasel and velope on #tor-project suggested that I remove DNSCrypt >>> entirely and let Unbound be a recursive resolver against the root DNS >>> servers, which I have now done. >> >> Jesse would you mind

Re: [tor-relays] IPv6 Only Exit Node

2015-12-20 Thread Tim Wilson-Brown - teor
> On 21 Dec 2015, at 03:36, Toralf Förster wrote: > > Signed PGP part > On 12/15/2015 07:25 PM, Tim Wilson-Brown - teor wrote: > > > > This is wise. Tor will block your own IPv6 address, but it doesn't > > know about your subnet: > > > >> ExitPolicy reject6

Re: [tor-relays] Very unbalanced inbound/outbound connections

2015-12-20 Thread Green Dream
"I see a little bit more than twice as much inbound than outbound connections on my (non-exit, non-guard) relay [0]." "looking at the graphs in atlas (as well in arm) shows no significant (= something like twice as much) difference between the inbound and outbound traffic" I'm not sure if you

Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-20 Thread Green Dream
> Weasel and velope on #tor-project suggested that I remove DNSCrypt > entirely and let Unbound be a recursive resolver against the root DNS > servers, which I have now done. Jesse would you mind sharing how you configured this? ___ tor-relays mailing

Re: [tor-relays] Opt-In Trial: Fallback Directory Mirrors

2015-12-20 Thread NOC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Good to hear the criteria will be reviewed. As far as I am aware there are under-utilised resources on these two exit relays so that is why I am opt-ing in these relays. If there is any more information on the expected resources for the fallback

Re: [tor-relays] Opt-In Trial: Fallback Directory Mirrors

2015-12-20 Thread Tim Wilson-Brown - teor
> On 20 Dec 2015, at 02:55, NOC wrote: > > The initial message states that the relays should be non-exit replays. > All these relays are exit relays with enough resources to spare so I > would love to see them added. > ... > > -- > Tim Semeijn Hi Tim, Thanks for

Re: [tor-relays] expected IPv6 traffic for an exit relay

2015-12-20 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/20/2015 06:06 PM, Toralf Förster wrote: > t. The commands 'nslookup' and 'host' works fine correction: tor-relay ~ # host -t google.com google.com has IPv6 address 2a00:1450:4001:800::1003 tor-relay ~ # host -t google.com

Re: [tor-relays] Very unbalanced inbound/outbound connections

2015-12-20 Thread Jannis Wiese
Hi, thanks for your answer. > On 21.12.2015, at 02:17, Green Dream wrote: > I'm not sure if you mean the literal number of connections, or if you're > talking about bandwidth utilization. In either case, if arm isn't showing the > increase, the additional traffic

Re: [tor-relays] Opt-In Trial: Fallback Directory Mirrors

2015-12-20 Thread s7r
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, The estimated extra load looks good, it shouldn't be a problem. Are we entirely sure we want to hardcode a static weight for each fallback directory relay? I know we require it to be stable enough but sometimes the weight assigned to a relay

Re: [tor-relays] Opt-In Trial: Fallback Directory Mirrors

2015-12-20 Thread Tim Wilson-Brown - teor
> On 20 Dec 2015, at 23:42, NOC wrote: > > Signed PGP part > Good to hear the criteria will be reviewed. As far as I am aware there > are under-utilised resources on these two exit relays so that is why I > am opt-ing in these relays. > > If there is any more information

Re: [tor-relays] Opt-In Trial: Fallback Directory Mirrors

2015-12-20 Thread Tim Wilson-Brown - teor
> On 21 Dec 2015, at 01:55, s7r wrote: > > Signed PGP part > Hi, > > The estimated extra load looks good, it shouldn't be a problem. > > Are we entirely sure we want to hardcode a static weight for each > fallback directory relay? I know we require it to be stable enough but

Re: [tor-relays] Running an exit? Please secure your DNS with DNSCrypt+Unbound

2015-12-20 Thread Remi Gacogne
> On the other hand, I would say using a local DNS cache can increase both > your relay's performance and perhaps offers a slight privacy gain to tor > clients, given that a cached DNS response will be served directly to a > tor client rather than querying an external resolver for the 2nd time.

[tor-relays] Allow user to provide feedback?

2015-12-20 Thread Eric Hocking
Would it be possible for there to be a way for users to provide feedback on the current tor relay/server they are using? Ex: users submit feedback such as let's say "relay is slow" when another user uses the proxy, they could see the user provided feedback of the relay

Re: [tor-relays] IPv6 Only Exit Node

2015-12-20 Thread Toralf Förster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/15/2015 07:25 PM, Tim Wilson-Brown - teor wrote: > > This is wise. Tor will block your own IPv6 address, but it doesn't > know about your subnet: > >> ExitPolicy reject6 [2A02:168:4A06::]/42:* # Block my subnet > Just clarify it for me :

Re: [tor-relays] Opt-In Trial: Fallback Directory Mirrors

2015-12-20 Thread NOC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Thanks for the information. The load should be no problem at all, great to hear ;) On 20/12/15 14:37, Tim Wilson-Brown - teor wrote: > >> On 20 Dec 2015, at 23:42, NOC > > wrote: >> >> Signed PGP