Install Anyone Exit Relay
This page explains how to configure an Exit Relay with the recommended minimum configuration.
The setup process includes installing the Anon client using the APT repository, configuring the client as an Exit, adding an Exit Notice, setting up firewall rules, and guidelines on how to achieve Double-reverse DNS.
It is important to understand that running an Exit relay requires more maintenance and security awareness than running a Middle relay. Read our Exit Guidelines before installing an Exit Relay. It is recommended to never host an Exit relay at home or other private premises.
Install using the apt repository
Fully upgrade the system
Install anon
Configure anonrc
Edit the anon configuration:
Use the template below, replace the ContactInfo value with a non-personal mail address, and change Nickname to your liking.
Download the Anyone Exit Notice
Add a non-personal mail address to the Exit Notice
Edit line 101 in the file anyone-exit-notice.html and change the value EMAIL_ADDRESS to a non-personal mail address to be able to respond to Abuse complaints.
Restart anon service to apply anon configuration
If additional changes are made to the anyone-exit-notice.html file, reloading the anon service to apply the changes is necessary. Reloading is executed with the command:
Apply firewall rules
This example assumes default ports are used for ORPort (9001), SSH (22) and HTTP (80). Change these values from the example if needed.
Double-reverse DNS
It is highly recommended that you set up a valid Double-reverse DNS, also known as a "double reverse lookup", which refers to the process of performing a reverse DNS lookup on the result of a forward DNS lookup. This is typically done for purposes of adding legitimacy to the identity of a remote system. To achieve this the two DNS records, PTR and A, need to be configured for an IP-address.
Pointer Record (PTR): Also called Reverse DNS, this is a DNS record that maps an IP address to a domain name, commonly used for reverse DNS lookups to verify the authenticity of the sender's domain. PTR adds another layer of legitimacy when accessing services and makes it easier for the destination to evaluate the source.
Address Record (A): The most commonly used DNS record that links a domain name to an IP address, enabling devices to find and connect to websites and servers on the internet.
For example, if you have a domain name like example.com with an IP address of 192.0.2.1, a double-reverse DNS lookup would involve:
Pointer Record (PTR)
Address Record (A)
How do I achieve Double-reverse DNS?
As mentioned above, the two DNS records that need to be configured are A and PTR. For the exact steps on how to configure the two DNS records, refer to your provider's documentation.
Mind that multiple Exit IP-addresses must not have identical DNS records, so adding an index number per Exit, like anyone-exit-1.example.com, is a suggestion.
Pointer Record (PTR)
For example, when an Exit Relay is hosted at a cloud provider, the control panel of the VPS will provide the possibility to configure a PTR record for your Exit IP. This setting can also be referred to as Reverse DNS, rDNS, Reverse mapping and more.
Address Record (A)
Here's a simplified breakdown:
Acquire a domain name: Choose a domain registrar (e.g., GoDaddy, Namecheap). Search for a domain name and purchase it.
Manage DNS Settings: Log in to your domain registrar's account. Go to the DNS management section.
Create an A Record: Add a new A record for your domain. Set the Hostname (e.g., anyone-exit-1.example.com). Enter the Public IP address of your Exit relay and save the record.
DNS changes can take between 24 and 48 hours to fully propagate across the internet. However, it can sometimes be much quicker for simple DNS changes, or longer, especially for complex DNS configurations or in specific regions.
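One way to verify the result once both records have propagated, as an added example that is not part of the Anyone documentation: it checks that each Exit IP has a PTR name which resolves back to the same IP, and flags Exits that share a name. The function names and the sample records are assumptions made for this illustration; call check_exits with a list of your own Exit IPs to query the system resolver.

```python
import ipaddress
import socket

def ptr_lookup(ip):
    """PTR names for ip from the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def a_lookup(name):
    """Addresses that name resolves to (empty set when it does not resolve)."""
    try:
        infos = socket.getaddrinfo(name, None, type=socket.SOCK_STREAM)
    except OSError:
        return set()
    return {info[4][0].split("%")[0] for info in infos}

def check_exits(ips, ptr=ptr_lookup, fwd=a_lookup):
    """Return {ip: (status, name)}; "ok" needs PTR -> name -> same IP, unshared."""
    results, owner = {}, {}
    for ip in ips:
        want = ipaddress.ip_address(ip)
        names = [n.rstrip(".").lower() for n in ptr(ip)]
        confirmed = [n for n in names if want in map(ipaddress.ip_address, fwd(n))]
        if not names:
            results[ip] = ("no-ptr", None)
        elif not confirmed:
            results[ip] = ("forward-mismatch", names[0])
        elif confirmed[0] in owner:  # another Exit already uses this name
            results[ip] = results[owner[confirmed[0]]] = ("duplicate-name", confirmed[0])
        else:
            owner[confirmed[0]] = ip
            results[ip] = ("ok", confirmed[0])
    return results

# Constructed sample records (documentation address range), not real DNS data.
SAMPLE_PTR = {"192.0.2.1": ["anyone-exit-1.example.com."],
              "192.0.2.2": ["anyone-exit-2.example.com"],
              "192.0.2.3": ["anyone-exit-3.example.com"],
              "192.0.2.4": ["anyone-exit-3.example.com"],
              "192.0.2.5": []}
SAMPLE_A = {"anyone-exit-1.example.com": {"192.0.2.1"},
            "anyone-exit-2.example.com": {"192.0.2.99"},
            "anyone-exit-3.example.com": {"192.0.2.3", "192.0.2.4"}}

if __name__ == "__main__":
    report = check_exits(SAMPLE_PTR, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set()))
    for ip, (status, name) in report.items():
        print(f"{ip:15} {status:17} {name or '-'}")
```

Any status other than ok means the PTR or A record for that Exit still needs attention at the provider or registrar.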