[or-cvs] r9952: Rename DNSBL to DNSEL. (in tor/trunk: . doc/contrib)
nickm at seul.org
Sat Apr 14 16:59:41 UTC 2007
Author: nickm
Date: 2007-04-14 12:59:41 -0400 (Sat, 14 Apr 2007)
New Revision: 9952
Modified:
tor/trunk/
tor/trunk/doc/contrib/torbl-design.txt
Log:
r12355 at catbus: nickm | 2007-04-14 11:52:20 -0400
Rename DNSBL to DNSEL.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r12355] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/doc/contrib/torbl-design.txt
===================================================================
--- tor/trunk/doc/contrib/torbl-design.txt 2007-04-14 05:00:21 UTC (rev 9951)
+++ tor/trunk/doc/contrib/torbl-design.txt 2007-04-14 16:59:41 UTC (rev 9952)
@@ -1,9 +1,9 @@
-Design For A Tor RBL {DRAFT}
+Design For A Tor DNS-based Exit List
Status:
- This is a suggested design for a DNSBL for Tor exit nodes. It hasn't been
- implemented.
+ This is a suggested design for a DNS Exit List (DNSEL) for Tor exit nodes.
+ It hasn't been implemented.
Why?
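Review bot: the new title expands the name as "DNS-based Exit List", while the Status paragraph just below it expands DNSEL as "DNS Exit List"; pick one expansion and use it in both places. The title line also drops the "{DRAFT}" marker, which the log message ("Rename DNSBL to DNSEL.") does not mention; since Status still says "It hasn't been implemented", either keep the marker or record its removal in the log.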
@@ -29,10 +29,10 @@
identify which Tor nodes might open anonymous connections to any given
exit address. But this is a bit tricky to set up, so only sites like
Freenode and OFTC that are dedicated to privacy use it.
- Conversely, providers of some DNSBL implementations are providing
+ Conversely, providers of some DNSEL implementations are providing
coarse-grained lists of Tor hosts -- sometimes even listing servers that
permit no exit connections at all. This is rather a problem, since
- support for DNSBL is pretty ubiquitous.
+ support for DNSEL is pretty ubiquitous.
How?
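Review bot: the two replacements in this paragraph change its meaning, not only its terminology. The lists described are ones "sometimes even listing servers that permit no exit connections at all", so they are not exit lists, and "support for DNSEL is pretty ubiquitous" now claims wide support for a name this document is only introducing. Suggest leaving both occurrences as DNSBL, since they refer to the existing blocklist mechanism and its providers.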
@@ -54,13 +54,13 @@
The DNS interface
- DNSBL, if I understand right, looks like this: There's some host at
- foo.example.com. You want to know if 1.2.3.4 is in the list, so you
- query for an A record for 4.3.2.1.foo.example.com. If the record
- exists, 1.2.3.4 is in the list. If you get an NXDOMAIN error, 1.2.3.4
- is not in the list.
+ Standard DNSEL, if I understand right, looks like this: There's some host
+ at foo.example.com. You want to know if 1.2.3.4 is in the list, so you
+ query for an A record for 4.3.2.1.foo.example.com. If the record exists,
+ 1.2.3.4 is in the list. If you get an NXDOMAIN error, 1.2.3.4 is not in
+ the list.
- Assume that the DNSBL sits at some host, torhosts.example.com. Below
+ Assume that the DNSEL sits at some host, torhosts.example.com. Below
are some queries that could be supported, though some of them are
possibly a bad idea.
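Review bot: "Standard DNSEL" in the first changed paragraph reads as if the name this design introduces were already a standard, while the lookup it describes (an A record for 4.3.2.1.foo.example.com, with NXDOMAIN meaning "not in the list") is presented as the existing convention the design builds on. Suggest keeping DNSBL in that paragraph and using DNSEL only from "Assume that the DNSEL sits at some host" onward, where the text turns to this design's own service.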
@@ -160,7 +160,7 @@
masks wider than /8 make me nervous here, as do port ranges.
We need an answer for what to do about hosts which exit from different
- IPs than their advertised IP. One approach would be for the DNSBL
+ IPs than their advertised IP. One approach would be for the DNSEL
to launch periodic requests to itself through all exit servers whose
policies allow it -- and then see where the requests actually come from.
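Review bot: on the changed line "One approach would be for the DNSEL", the term names the party that launches requests, while the Status text defines DNSEL as the list itself; "the DNSEL server" would keep the list and the service that probes exits distinct. The rename is otherwise appropriate here, since this sentence is about the design's own service.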