[tor-dev] DNSSEC

merc1984 at f-m.fm merc1984 at f-m.fm
Sat Aug 30 23:35:27 UTC 2014


Does anyone know why TOR does not use DNSSEC?  The only documentation I
found on the TORProject website for DNS does not actually explain how
DNS works on TOR.  I infer it must be TCP, as TOR can not do UDP, and I
imagine that relay nodes must be the resolvers in order to resolve
.onion domains.  But beyond that there is no information on how it
works.

Seems to me that the lack of DNSSEC in TOR is a gigantic security hole.
(DNS cache poisoning)




-- 
http://www.fastmail.fm - Access your email from home and the web



More information about the tor-dev mailing list