On 2018-05-11 14:52, Ralph Seichter wrote:
Assuming you can install whatever software you like, I recommend
running
your own instance of Unbound on your exit node machines. Current
Unbound
versions support DNSSEC validation, QNAME minimisation, etc. While
using
your ISP's resolvers works as a fallback, a local resolver is better
and
easy enough to set up.
We are currently using Unbound plus 2 ISP name servers in
/etc/resolv.conf. I still occasionally see the dreaded "all nameservers
have failed" message, even though the latest Tor release has fixes for
DNS performance (IIRC).
Kind regards,
Alexander
--
PGP Key: https://dietrich.cx/pgp | 0x52FA4EE1722D54EB
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays