[tor-dev] GSoC: Support all kinds of DNS queries
Jeremy Rand
jeremyrand at airmail.cc
Sun Apr 2 03:22:58 UTC 2017
Daniel Achleitner:
> Hi everyone,
>
> I'm a Software Engineering master's student at TU Wien, Austria,
> with a recent focus on computer security and privacy issues. I am
> interested in participating in GSoC 2017, particularly in the
> task to support all kinds of DNS queries via Tor [1].
>
> I've seen the mailing list discussions of 2012 and read the
> resulting proposition 219 [2]. What do you think, which parts of
> it (if any) would need to be adapted for DNS in 2017? My current
> impression is that not much has changed, particularly regarding
> DNSSEC support and deployment.
>
> As of now, the proposal looks fairly complete with few questions
> remaining, the biggest research task being how to utilize
> libunbound for query/response parsing and construction.
> Implementing the RELAY DNS cells then seems fairly
> straightforward. Unit/integration tests and some fuzzing would be a
> good idea. The problem of reducing DNSSEC roundtrips
> (serialization) to be investigated in a later phase, I would say.
>
> Is a separate AXFR tool still something that is desired? I have no
> experience with zone transfers -- can't the existing tooling just
> be used over a normal TCP conn through Tor?
>
> This project idea would make a good match to my thesis in
> progress, for which I am researching and evaluating
> privacy-improving DNS tools in the context of Tor (DNSCrypt,
> DNS-over-TLS) [3], inspired by the awesome paper on DNS correlation
> [4]. For example, I recently built a SOCKS-to-SOCKS translator
> which allows resolving hostnames using a resolver of choice, e.g.
> using DNSCrypt with TBB.
>
> Looking forward to hearing your thoughts, concerns and opinions!
>
> Best regards, Daniel
>
> IRC handle on OFTC: idealchain
(Thinking out loud.) It would be interesting to have some kind of
algorithm agility here. For example, a Tor client could send a
request for a Namecoin domain name, and the exit relay would return a
Namecoin merkle proof in the same way that it would return a DNSSEC
signature if it were a DNS domain name.
Cheers,
--
-Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile PGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with PGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the
moment.