[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: tor with OpenDNS as default DNS, using Firefox+FoxyProxy



Note:
Please only reply to the mailinglist _only_, every time you reply i get about 3 (three) emails with same content because you include my email addy as recipient also...
One email from the or-talk mailing list is enough to read your responses :)

--- On Mon, 4/13/09, Scott Bennett <bennett@xxxxxxxxxx> wrote:

> From: Scott Bennett <bennett@xxxxxxxxxx>
> Subject: Re: tor with OpenDNS as default DNS, using Firefox+FoxyProxy
> To: or-talk@xxxxxxxxxxxxx, "Tripple Moon" <tripple.moon@xxxxxxxxx>
> Date: Monday, April 13, 2009, 1:01 AM
> On Sun, 12 Apr 2009 09:05:07 -0700 (PDT) Tripple Moon
> <tripple.moon@xxxxxxxxx> wrote:
> >--- On Mon, 4/6/09, Scott Bennett
> <bennett@xxxxxxxxxx> wrote:
[cut for clarity]
> >My reason(s) for this scenario is so that:
> 
>      I missed this in my latest response:
> 
> >1) I am able to use custom DNS-Servers for both my
> client and others that use my exit point, without the
> warning messages.
> 
>      Those warning messages are caused by client-side code
> in tor in response
> to requests made to its SOCKS port; they are not issued as
> a result of your relay providing exit services.
ofcourse...did i argument otherwise?
> 
> >2) My, the operators, custom DNS-Servers can speedup
> _and_ aid in anonymity by blocking/re-directing certain
> domain names to other IP's.
> >Which will, in the case of OpenDNS, return a small HTML
> with a message telling its blocked.
> 
>      Providing such a page as a substitute for a response
> from the proper
> destination is in itself justification for immediate
> classification of your
> exit relay as a bad exit.  *Any* alteration/substitution of
> data qualifies the culpable exit relay for a BadExit flag.
Ofcourse i know tor does this, which is in theory the proper way but....
How does tor classify "proper destination"?
By doing DNS lookups and comparing the answers right?
That's a real problem for tor-operators in countries where DNS-queries are being intercepted by the authorities in certain countries...
The only way for tor-operators in that kind of environment is to use "custom DNS-servers" or put differently "other DNS servers as the default ones of the ISP".
In my current case Turkey, which redirects DNS-answers to block certain domains.
So yes what i want to do is about same as they do but under my own control of which ones get blocked.
The question that remains is: "How can i keep a tor relay running without being flagged as bad, while still doing custom blocking on the tor-client side?"

Brainstorming on my own:
I assume the only way is using a proxy _before_ the SOCKS connection to the tor-client, and setting up tor to use "custom DNS-servers" (term as explained above).
But which DNS-server IP's to use in "resolve.conf" because the nation's DNS servers are polluted...