[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21989 [Core Tor/Tor]: Should we tell Exits to reject all traffic if DNS fails?

Subject: Re: [tor-bugs] #21989 [Core Tor/Tor]: Should we tell Exits to reject all traffic if DNS fails?
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 08 Jun 2017 00:31:43 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 07 Jun 2017 20:31:57 -0400
In-reply-to: <044.89b47f6f52999bc34ec1c6df478ab84c@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.89b47f6f52999bc34ec1c6df478ab84c@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#21989: Should we tell Exits to reject all traffic if DNS fails?
---------------------------+----------------------------------
 Reporter:  teor           |          Owner:
     Type:  defect         |         Status:  new
 Priority:  Medium         |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor   |        Version:
 Severity:  Normal         |     Resolution:
 Keywords:  dns, tor-exit  |  Actual Points:
Parent ID:  #21900         |         Points:  1
 Reviewer:                 |        Sponsor:
---------------------------+----------------------------------

Comment (by teor):

 Replying to [comment:2 arma]:
 > I think we think we already have exits refuse to be exits if their dns
 isn't working.
 >
 > See check_dns_honesty_callback() and the dns_launch_correctness_checks()
 that it calls.

 Well, maybe we try, but it doesn't work consistently right now.

 In fact, chutney's upcoming offline mode (#21903) will rely on the fact
 that exits without DNS still allow exiting to IP addresses.

 > It looks like it could be improved.

 If we fix this, we need to make sure AllowBrokenDNSConfig actually works.
 Or we need to add an option that maintains the current behaviour, because
 chutney relies on it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21989#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #13195 [Core Tor/Tor]: Collect aggregate stats around hidden service descriptor publishes and fetches
Next by Author: [tor-bugs] #22781 [Core Tor/Tor]: hs: Unify link specifier API/ABI
Previous by thread: Re: [tor-bugs] #21989 [Core Tor/Tor]: Should we tell Exits to reject all traffic if DNS fails?
Next by thread: Re: [tor-bugs] #21989 [Core Tor/Tor]: Should we tell Exits to reject all traffic if DNS fails?
Index(es):
- Author
- Thread