Tor & DNS Requests
Joseph B Kowalski
jbk at hush.ai
Thu May 4 21:14:05 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello everyone,
I have a few questions about how the Tor network handles DNS lookup
requests that I couldn't find answers to in any of the
documentation I went through, so hopefully I can find an answer
here.
1) It is clear that the Tor network only handles TCP traffic and
not UDP, which is, of course, what standard DNS lookup requests use
(UDP). So, when directing DNS lookup requests into the Tor network
(whether by setting the network.proxy.socks_remote_dns flag in
Firefox or using Privoxy or whatever), is the application or proxy
(Firefox or Privoxy, in this example) handing the DNS lookup
request to the Tor client using TCP already, or does the Tor client
translate the UDP DNS lookup request into a TCP DNS lookup request
before passing to the first OR (entry node)?
2) Once the DNS lookup request reaches the exit node, does the exit
node perform a standard UDP DNS lookup using it's configured
nameservers, or does it do it using a TCP DNS lookup?
3) Is it necessary to allow traffic to port 53 in the exit policy
of an OR in order for that OR to perform DNS lookups on the behalf
of client requests? I know that common sense appears to suggest
that this is so, but I couldn't find anything in the documentation
stating if DNS lookups are just something all exit nodes handle
automatically and by default, or if only exit nodes configured to
allow outbound traffic to port 53 allow them. Furthermore,
depending on what the answer to question number 2 is, one might
think that allowing outbound traffic to port 53 in an exit policy
is only necessary if the operator wants to allow TCP connections to
port 53, since that is, of course, the case with every other port
you could put in an exit policy (TCP-ONLY).
Any clarification would be appreciated. If I wasn't clear on any of
the questions, please feel free to let me know, and I'll try to do
a better job explaining.
Thank you.
Best regards,
Joe Kowalski
PGP Key ID: 0xA96A2EE0
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5
wkYEARECAAYFAkRabp0ACgkQQ4RaO6lqLuDFiwCaAx+gRctNSaWVShdVAw3niZ7wmhoA
n2NeAo2n3AVpXYSn+UxPXz7/oyhT
=j381
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list