[tor-bugs] #11625 [Core Tor/Tor]: Tor DNSPORT returns NXDOMAIN for AAAA records?

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 16 22:45:13 UTC 2019


#11625: Tor DNSPORT returns NXDOMAIN for AAAA records?
-------------------------------------------------+-------------------------
 Reporter:  nickm                                |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.5.4-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-client, dns, exit-node-choice,   |  Actual Points:
  ipv6                                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by blueyed):

 I am seeing this behavior currently (Tor version 0.3.4.11 (git-
 4fd31340f3355342)).

 > I wonder if the behavior depends on what exit node you get? IIRC 0.2.3
 > exit nodes won't return AAAA records; I wonder if we're asking them
 > anyway.

 Might this still be a reason by now?

 I also wonder if this might be related to IPv6 not being configured (e.g.
 the machine has no inet6 address itself), since it has code like this in
 evdns_server_callback:

 {{{
   /* This serves our DNS port so enable DNS request by default. */
   entry_conn->entry_cfg.dns_request = 1;
   if (q->type == EVDNS_TYPE_A || q->type == EVDNS_QTYPE_ALL) {
     entry_conn->entry_cfg.ipv4_traffic = 1;
     entry_conn->entry_cfg.ipv6_traffic = 0;
     entry_conn->entry_cfg.prefer_ipv6 = 0;
   } else if (q->type == EVDNS_TYPE_AAAA) {
     entry_conn->entry_cfg.ipv4_traffic = 0;
     entry_conn->entry_cfg.ipv6_traffic = 1;
     entry_conn->entry_cfg.prefer_ipv6 = 1;
   }
 }}}

 (It also looks like TCP is rejected (which is used with `dig any`, or
 explicitly via `dig a +tcp @localhost example.com`))

 This is from the logs:
 {{{
 Apr 16 22:43:09.000 [info] {APP} evdns_server_callback(): Got a new DNS
 request!
 Apr 16 22:43:09.000 [info] {APP} evdns_server_callback(): Passing request
 for "example.com" to rewrite_and_attach.
 Apr 16 22:43:09.000 [info] {APP} evdns_server_callback(): Passed request
 for "example.com" to rewrite_and_attach_if_allowed.
 Apr 16 22:43:09.000 [info] {CIRC,APP} exit circ (length 3): $XXX(open)
 $YYY(open) $ZZZ(open)
 Apr 16 22:43:09.000 [info] {APP} link_apconn_to_circ(): Looks like
 completed circuit to $ZZZ~tortoise at 130.149.80.199 does allow optimistic
 data for connection to example.com
 Apr 16 22:43:09.000 [info] {APP} connection_ap_handshake_send_resolve():
 Address sent for resolve, ap socket -1, n_circ_id 2742445178
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11625#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
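
A way to check the behavior discussed in the comment above from the client side, as an added example that is not part of the ticket or of Tor's source: it sends one A and one AAAA query over UDP to the DNSPort and compares the reply codes. The port 5353 and all function names are assumptions; use the DNSPort value from your own torrc.

```python
import socket
import struct

QTYPE = {"A": 1, "AAAA": 28}
RCODE = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question DNS query (class IN) with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)

def parse_reply(data, txid=0x1234):
    """Return (rcode name, answer count, truncated flag) from a reply header."""
    if len(data) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    return RCODE.get(flags & 0xF, str(flags & 0xF)), ancount, bool(flags & 0x0200)

def probe(name, host="127.0.0.1", port=5353, timeout=10.0):
    """Ask the DNSPort (assumed port) for A and AAAA over UDP; collect each outcome."""
    results = {}
    for qtype in ("A", "AAAA"):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_query(name, qtype), (host, port))
                results[qtype] = parse_reply(s.recv(512))
            except (OSError, ValueError) as exc:  # timeouts are OSError subclasses
                results[qtype] = ("ERROR: %s" % exc, 0, False)
    return results

def diagnose(results):
    """Flag the pattern from the ticket: A answers, AAAA comes back NXDOMAIN."""
    a, aaaa = results["A"][0], results["AAAA"][0]
    if a == "NOERROR" and aaaa == "NXDOMAIN":
        return "A resolves but AAAA is NXDOMAIN: matches the ticket"
    return "A=%s AAAA=%s" % (a, aaaa)

if __name__ == "__main__":
    res = probe("example.com")
    print(res)
    print(diagnose(res))
```

Running it several times across new circuits shows whether the AAAA result changes with the exit node, which is the question the quoted text raises.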

