[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor DNS lookups failing

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Tor DNS lookups failing
From: Mike Perry <mikepery@xxxxxxxxxx>
Date: Mon, 4 Dec 2006 05:10:08 -0600
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Mon, 04 Dec 2006 06:10:35 -0500
In-reply-to: <5F3E4FD1-C894-4C8A-94C5-C84EEEE88599@tamboli.cx>
References: <5F3E4FD1-C894-4C8A-94C5-C84EEEE88599@tamboli.cx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.1i

Thus spake Jay Goodman Tamboli (jay@xxxxxxxxxx):

> A few months ago I modified Snakes on a Tor to do DNS lookups through  
> various nodes and compare the results. At the time there was a node  
> that was intermittently giving users an ad page instead of a real  
> page. I found then that the only node that was returning an IP  
> address that was incorrect was "whistlersmother," but I didn't report  
> that here because I was a little unsure about my methodology.
> 
> Last week I started scanning again with a better idea of what I was  
> doing. Notably, the latest Tor alpha resets the DNS cache on NEWNYM,  
> so I didn't have to much with the Tor source to stop it from caching  
> the lookups. After a couple of days of scanning, I haven't found any  
> nodes returning incorrect information, but I have seen more lookup  
> failures than I remember seeing last time. This jibes with my  
> personal experience, where I feel like I've seen more DNS lookup  
> failures than previously.
> 
> I was wondering, first, if other people are seeing fairly frequent  
> erroneous DNS failures. Secondly, is there anything Tor can do to  
> improve the situation, like requesting a second lookup via another  
> circuit if one reports a failure, or maybe not caching failures? I'm  
> not sure either of those is a good solution, but right now when I get  
> a failure I have to either wait for the circuit to time out or send  
> Tor NEWNYM. Otherwise the result seems to be cached, so a reload in  
> my web browser just gives me the Privoxy error page again.

Yeah, I just started noticing a lot of DNS failures on my most recent
batch of scanning as well. I've got a fair amount of work to do before
SoaT 0.0.5 is ready (I think I've just about hit the limit of
maintainable complexity in a perl script :), but when it's done it
should be able to help us figure out which servers this is happening
at, as well as a shitload of other interesting info as well.

I'm hoping to make the release next weekend.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

References:
- Tor DNS lookups failing
  - From: Jay Goodman Tamboli

Prev by Author: Re: Bootstraping Tor manually to get past the Great Firewall
Next by Author: Nodes frequently changing keys...
Previous by thread: Re: Tor DNS lookups failing
Next by thread: push cache for squid in tor
Index(es):
- Author
- Thread