[tor-dev] Tor and DNS

Ondrej Mikle ondrej.mikle at gmail.com
Tue Feb 7 21:08:32 UTC 2012


On 02/07/2012 03:18 PM, Jakob Schlyter wrote:
> 
> I may have missed parts of the previous discussion, but why are you not encapsulating the whole DNS request from the client? Various flags and other options (e.g. EDNS0) would be quite useful to be able to transport across the TOR network.

There were two main objections:

1. A full packet might leak identifying information about the OS or resolver used,
quoting Nick:
> There are parts of a DNS packet that we wouldn't want
> to have the Tor client make up.  For example, DNS transaction IDs
> would need to avoid collisions. Similarly, I don't see why the client
> should be setting most  of the possible flags.

The query will work as if the following were set: flags 0x110 (recursive,
non-authenticated data OK), DO bit set. Is there any reason for setting some
flags otherwise or for making some optional?

2. Roger wanted Tor to know as little as possible about DNS internals.


Ondrej
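
As an added illustration (not code from this thread or from Tor), the following shows what the normalized query described above looks like on the wire and how a relay could compare a client-supplied header against that 0x110 profile; the wire layout follows RFC 1035 and RFC 6891 and the query name is made up:

```python
import secrets
import struct

NORMALIZED_FLAGS = 0x0110  # the profile the message proposes: RD (0x0100) | CD (0x0010)
EDNS_DO = 0x8000           # DO bit: MSB of the 16-bit flags in the OPT record's TTL field

def encode_name(name):
    """Wire-format a DNS name: length-prefixed labels plus a zero terminator."""
    return b"".join(bytes([len(lab)]) + lab.encode("ascii")
                    for lab in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype, txid=None):
    """Query as the proposal describes: relay-chosen transaction ID, flags forced to
    0x0110, one OPT record (type 41, RFC 6891) with DO set."""
    if txid is None:
        txid = secrets.randbits(16)  # picked by the relay, never taken from the client
    header = struct.pack("!HHHHHH", txid, NORMALIZED_FLAGS, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # QCLASS IN
    # OPT RR: root name, type 41, UDP payload 4096, ext-RCODE/version 0 + DO, RDLENGTH 0
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, EDNS_DO, 0)
    return header + question + opt

def parse_header(packet):
    """Return (txid, flags) from the 12-byte DNS header."""
    return struct.unpack("!HH", packet[:4])

def flag_deviations(flags):
    """Compare header flags with the 0x0110 profile: (bits set that the profile
    does not allow, profile bits that are clear), both as field names."""
    bits = {0x8000: "QR", 0x0400: "AA", 0x0200: "TC", 0x0100: "RD", 0x0080: "RA", 0x0040: "Z", 0x0020: "AD", 0x0010: "CD"}
    unexpected = [n for b, n in bits.items() if flags & b and not NORMALIZED_FLAGS & b]
    if (flags >> 11) & 0xF or flags & 0xF:   # non-QUERY opcode, or an RCODE in a query
        unexpected.append("OPCODE/RCODE")
    missing = [n for b, n in bits.items() if NORMALIZED_FLAGS & b and not flags & b]
    return unexpected, missing

def edns_flags(packet):
    """16-bit EDNS flags (DO = 0x8000) of the OPT record after the question, or None.
    Assumes a bare query: no answer/authority records, OPT owner name is the root."""
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", packet[4:12])
    if ancount or nscount or not arcount:
        return None
    pos = 12
    for _ in range(qdcount):
        while packet[pos] != 0:   # skip each label of the question name
            pos += 1 + packet[pos]
        pos += 1 + 4              # terminator + QTYPE + QCLASS
    rtype, _udp_size, ttl = struct.unpack("!HHI", packet[pos + 1:pos + 9])
    return ttl & 0xFFFF if rtype == 41 else None
```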
