Living without Privoxy
Adam Langley
alangley at gmail.com
Sun May 22 22:31:32 UTC 2005
Firefox nightly builds now have an option
"network.proxy.socks_remote_dns" which does what we need (passes
hostnames to Tor). You need to set up a SOCKS5 proxy as normal and then
go to about:config to set that option currently. They may have a GUI
for it in the next Firefox release.

This means that we can do without Privoxy given
http://extensionroom.mozdev.org/more-info/useragentswitcher and
sensible Firefox settings. (Nightly builds are much better about
deleting information on exit too) and this is a good thing.

(Note: there are still many issues unaddressed with browsers in
general, mostly relating to Javascript).

I've also just scribbled my thoughts about a more general solution
down (below), but the need for such a solution has just been reduced.

--------

We would like to write a caching DNS server which could sit on the
local machine and answer DNS queries by sending them to an OP.

  * We need to cache results because DNS over Tor is pretty slow
  * But what TTL do we use?
      o We would wish to use the highest possible, but SOCKS
        resolve destroys that information (actually, it never even
        gets passed to Tor at the other end)
  * We could add support for UDP over Tor (SOCKS5 supports UDP),
    that way a resolver could talk DNS directly to the servers.
  * Or we could add support for more DNS information over Tor.
      o This would require a libevent based DNS library (libdnsres
        will not do because it doesn't pass on TTL information)
      o This probably needs additional, specific, RELAY cells.
      o ADNS looks like it could work:
        http://www.chiark.greenend.org.uk/~ian/adns/

--
Adam Langley agl at imperialviolet.org
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60
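
Added example, not part of the original post: what "passes hostnames to Tor" means at the SOCKS5 layer (RFC 1928 CONNECT request), with a check a local SOCKS listener could use to tell a hostname request from one the client already resolved itself. The function names, the stand-in resolver and the sample host and address are assumptions made for illustration.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def build_connect(host, port, remote_dns, local_lookup=None):
    """Build a SOCKS5 CONNECT request (RFC 1928, section 4).

    remote_dns=True sends the hostname itself (ATYP 0x03);
    remote_dns=False sends an address the client resolved on its own.
    local_lookup is a hypothetical stand-in for the system resolver.
    """
    head = bytes([SOCKS_VERSION, CMD_CONNECT, 0])
    if remote_dns:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname does not fit the one-byte length field")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        ip = ipaddress.ip_address(local_lookup(host))
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return head + addr + struct.pack("!H", port)


def classify_request(req):
    """Return (kind, destination, port); kind is 'hostname' or 'ip-only'."""
    if len(req) < 5 or req[0] != SOCKS_VERSION or req[2] != 0:
        raise ValueError("not a SOCKS5 request")
    atyp = req[3]
    if atyp == ATYP_DOMAIN:
        end = 5 + req[4]                      # one length byte, then the name
        kind, dest = "hostname", req[5:end].decode("ascii")
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        end = 4 + (4 if atyp == ATYP_IPV4 else 16)
        kind, dest = "ip-only", str(ipaddress.ip_address(req[4:end]))
    else:
        raise ValueError("unknown address type")
    if len(req) != end + 2:                   # exactly two port bytes must follow
        raise ValueError("truncated or oversized request")
    return kind, dest, struct.unpack("!H", req[end:])[0]


# Constructed sample data: example.com and 192.0.2.10 are documentation values.
fake_resolver = {"example.com": "192.0.2.10"}.get
with_remote_dns = build_connect("example.com", 80, True)
without_remote_dns = build_connect("example.com", 80, False, fake_resolver)
```

An "ip-only" result means the name lookup happened before the request reached the proxy, so it went through the ordinary resolver rather than through Tor.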