I should probably point out here that these configurations were originally designed for Zcash node operators to run ‘Dual Stack’ servers over Tor (in the main), allowing for Tor and clearnet connectivity - the configurations were then expanded upon per use case and for Client (only) use.
You are correct in adding dnsseed=0 for optimal privacy for Tor 1 and Zcash 1 - Proxified Zcash (example) and I will clarify settings in the original post. For ‘Dual Stack’ servers this option should be left at the default value.
" -dnsseed - Query for peer addresses via DNS lookup, if low on addresses (default: 1 unless -connect/-noconnect) "
DNS leaks with Tor are not as much as an issue as they once were. Although they do remain an issue, more so with windows.
…
Using onlynet=onion will enforce using only the specified addnode=.onion addresses in your zcash.conf . Thus, if said services are ever ‘offline’ then you might have connectivity issues.
Whilst only enabling connectivity with .onion addresses is the most private way to run Zcash on Tor (because the traffic never exits from the Tor network), it is perhaps a good idea to allow .exit connections from Tor .exit nodes to reach other clearnet Zcash nodes. Simply having diverse connectivity can also be good for privacy and the Zcash network as a whole.
" -onlynet= - Only connect to nodes in network (ipv4, ipv6 or onion) "
…
Thank you for highlighting these additions!
This is a work in progress, without a ‘one size fits all’ solution and we certainly require some much more organized documentation.