[conspire] Internet Privacy: today's vote and measures to take

Ivan Sergio Borgonovo mail at webthatworks.it
Tue Apr 4 15:51:47 PDT 2017


On 04/04/2017 04:26 AM, Rick Moen wrote:

>> As I already said in my previous email I could actually keep on
>> running dnsmasqd.

Ok dnsmasqd and unbound are working.

luci (the web interface of openwrt) doesn't let you change the server=
configuration option. Fortunately luci doesn't mess with
/etc/dnsmasq.conf but just sources it with

conf-file=/etc/dnsmasq.conf

> For serving up real _public_ authoritative DNS, i.e., for the public's

Potentially I'm planning to serve up real _public_ authoritative DNS
records.
It depends on whether I'll be able to get a/some static IP and a fatter upstream.

> Yes, and I consider RPi inappropriate for any task requiring sensitive
> security because, like all ARM devices currently, it cannot run a
> kernel.org kernel.  Therefore, if a kernel security problem arises, you
> need to wait for the RPi special-snowflake out-of-tree patchset to get
> updated.

> Sorry, no, unacceptable, IMO.  I'd rather splurge a couple of more watts
> on a tiny x86_64 host w/SSD.

openwrt kernels are reasonably well maintained.

Unfortunately the overall ARM server experience is not on par with x86.
Even if I'd be interested in setting up an ARM server the main 
differentiator is storage.
Once you need storage, you need a case, and larger power supply.
NAS similar to qnap have similar prices to mini servers but they are 
much less versatile.

On the other hand, if I don't need storage I'm looking for a router.
In the SOHO segment it is not worth it to DIY, just go with openwrt.

I'm looking around for something more powerful but still the best option
seems to be some kind of x86 board from pc-engines.
If I really set up a publicly exposed authoritative DNS, some kind of
containerization would come in handy and I'm worried performance will be
terrible on ARM.

-- 
Ivan Sergio Borgonovo
http://www.webthatworks.it http://www.borgonovo.net




