GitLab

It would be great to show relay operators more information about what they could improve on their relay configuration. In the area of exits and DNS this could be:

• DNSSEC
• do not use Google, Cloudflare, Quad9,.. DNS server

To support this we would first need two new onionoo fields before adding indicators to Relay Search. Both fields are only relevant for exit relays.

dnssec_validation: boolean True if the exit relay does validate

dns_resolver: string PTR record for the IP address used to resolve a hostname via this exit.

To collect the data you could run exitmap's dnssec and dnsenum modules once every ~12 hours.

https://github.com/NullHypothesis/exitmap/blob/master/src/modules/dnssec.py https://github.com/NullHypothesis/tor-dns/blob/master/code/resolvers-of-exit-relays/dnsenum.py

context: https://twitter.com/nusenu_/status/983302939258138626