Changes between Version 161 and Version 162 of TorRelayGuide


Ignore:
Timestamp:
Jan 12, 2018, 11:41:54 AM (6 months ago)
Author:
cypherpunks
Comment:

reorder items in tor exit configuration section (set PTR, WHOIS, exit notice first, then enable exiting)

Legend:

Unmodified
Added
Removed
Modified
  • TorRelayGuide

    v161 v162  
    459459=== Exit Relay Configuration
    460460
    461 The sample configuration above configures a non-exit relay.
     461==== Reverse DNS and WHOIS record
     462
     463Before switching your relay to become an exit relay, ensure that you have set a clear DNS reverse (PTR) record to make it clear for everyone that this is a tor exit relay.
     464Something like "tor-exit" it its name is a good start.
     465
     466If your provider offers it, make sure you set your WHOIS record makes clear that this is a Tor exit relay.
     467
     468==== Exit Notice HTML page
     469
     470To make it even more obvious that this is a Tor exit relay you should serve a Tor exit notice HTML page. Tor can do that for you if your DirPort is on TCP port 80, you can make use of tor's [https://www.torproject.org/docs/tor-manual.html.en#DirPortFrontPage DirPortFrontPage] feature to display a HTML file on that port. This file will be shown to anyone directing his browser to your Tor exit relay IP address.
     471
     472{{{
     473DirPort 80
     474DirPortFrontPage /path/to/html/file
     475}}}
     476
     477We offer a sample Tor exit notice HTML file, but you might want to adjust it to your needs:
     478https://gitweb.torproject.org/tor.git/plain/contrib/operator-tools/tor-exit-notice.html
     479
     480Here are some more tips for running a reliable exit relay: https://blog.torproject.org/tips-running-exit-node
     481
     482==== DNS on Exit Relays
     483
     484Unlike other types of relays, exit relays also do DNS resolution for Tor clients. DNS resolution on exit relays is crucial for Tor clients. It is recommended to use a local (on the same host or same LAN segment) recursive DNS resolver.
     485
     486There are multiple options for DNS server software, unbound has become a popular one. In every case the software should be installed using the OS package manager to ensure it is updated with the rest of the system.
     487
     488DNS resolution can have a significant impact on the performance your exit relay provides. Poor DNS performance will result in less traffic going through your exit relay.
     489It is a bad practice to use DNS resolvers from big corporations like Google since they see already a lot of DNS requests from exits or organizations that perform filtering on DNS requests.
     490
     491
     492==== Final Step: Enable Exiting in your torrc configuration
    462493
    463494To become an exit relay add the following configuration line in your torrc configuration file and define your [https://www.torproject.org/docs/tor-manual.html.en#ExitPolicy exit policy].
     
    472503https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
    473504
    474 ==== Reverse DNS record
    475 
    476 Ensure that you have set a clear DNS reverse (PTR) record to make it clear for everyone that this is a tor exit relay.
    477 Something like "tor-exit" it its name is a good start.
    478 
    479 ==== Exit Notice HTML page
    480 
    481 To make it even more obvious that this is a Tor exit relay you should serve a Tor exit notice HTML page. Tor can do that for you if your DirPort is on TCP port 80, you can make use of tor's [https://www.torproject.org/docs/tor-manual.html.en#DirPortFrontPage DirPortFrontPage] feature to display a HTML file on that port. This file will be shown to anyone directing his browser to your Tor exit relay IP address.
    482 
    483 {{{
    484 DirPort 80
    485 DirPortFrontPage /path/to/html/file
    486 }}}
    487 
    488 We offer a sample Tor exit notice HTML file, but you might want to adjust it to your needs:
    489 https://gitweb.torproject.org/tor.git/plain/contrib/operator-tools/tor-exit-notice.html
    490 
    491 Here are some more tips for running a reliable exit relay: https://blog.torproject.org/tips-running-exit-node
    492 
    493 ==== DNS on Exit Relays
    494 
    495 Unlike other types of relays, exit relays also do DNS resolution for Tor clients. DNS resolution on exit relays is crucial for Tor clients. It is recommended to use a local (on the same host or same LAN segment) recursive DNS resolver.
    496 
    497 There are multiple options for DNS server software, unbound has become a popular one. In every case the software should be installed using the OS package manager to ensure it is updated with the rest of the system.
    498 
    499 DNS resolution can have a significant impact on the performance your exit relay provides. Poor DNS performance will result in less traffic going through your exit relay.
    500 It is a bad practice to use DNS resolvers from big corporations like Google since they see already a lot of DNS requests from exits or organizations that perform filtering on DNS requests.
    501505
    502506