
Re: Bug: improperly bound listen addresses?



> If you're a relay, tor will attempt to do name resolution for
> clients, perhaps this is what you're seeing.

Yes. And it should have the facility to bind to whatever address I
tell it to use for that purpose. Not the primary address on any
given interface, the '*' address, etc. Tor already has facilities
for its OR and DIR 'listeners' and the 'outboundbindaddress'. It
needs one for DNS resolution as well. I don't want it using .1
for that. Create a -dnssrcport and -dnsbindaddress. -dnssrcport
should allow >=1024 for non-root and anything for root, particularly
53.

Note that Tor still performs some tor related DNS queries even if
it is: 'reject *:*'. Otherwise there would be no need to bind udp
in that case.

>> [w] Your server (10.0.0.1:9001) has not managed to confirm

> Because tor can't confirm 10.0.0.1 is a valid non-rfc1918 address.

No. As with w.x.y.z:53, I have protected the innocent for this note.
In your mind, do the reverse and replace every instance of 10.0.0.0/24
above with one publicly routed /24 cidr block while preserving the
last octet. Then it is clear that something is wrong. I have bound
OR, DIR and the 'outboundbindaddress' to .2. It thinks otherwise.
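The behaviour asked for above, a resolver socket pinned to a chosen source address and port rather than whatever address the kernel picks, shown as an added Python example (not code from the original post or from Tor). It assumes a POSIX host, and the port rule it enforces (>= 1024 for non-root, any port including 53 for root) is the one the post proposes, not an existing Tor option:

```python
import os
import socket


def allowed_source_port(port: int, is_root: bool) -> bool:
    """Port policy from the post: non-root may bind >= 1024, root may bind any port (e.g. 53)."""
    if not 0 <= port <= 65535:
        return False
    return is_root or port >= 1024


def bind_dns_source(bind_addr: str, src_port: int = 0) -> socket.socket:
    """Open a UDP socket explicitly bound to bind_addr:src_port.

    Outgoing resolver queries sent from this socket leave with that source
    address, instead of the interface's primary address that the kernel
    would otherwise choose.  src_port 0 means "any ephemeral port".
    """
    is_root = os.geteuid() == 0  # assumption: POSIX host
    if not allowed_source_port(src_port, is_root):
        raise PermissionError(
            f"source port {src_port} not permitted for uid {os.geteuid()}"
        )
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, src_port))
    return sock


def bound_source(bind_addr: str, src_port: int = 0) -> tuple:
    """Return the (address, port) the kernel actually assigned to a bound resolver socket."""
    sock = bind_dns_source(bind_addr, src_port)
    try:
        return sock.getsockname()
    finally:
        sock.close()


def kernel_chosen_source(dest_addr: str, dest_port: int = 53):
    """Show what happens WITHOUT an explicit bind: a UDP connect() sends
    nothing but makes the kernel pick the route and source address it would
    use for dest_addr.  Returns None if there is no route (e.g. offline)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.connect((dest_addr, dest_port))
        return sock.getsockname()[0]
    except OSError:
        return None
    finally:
        sock.close()


if __name__ == "__main__":
    # Constructed sample: the loopback address stands in for the ".2" of the post.
    print("explicit bind ->", bound_source("127.0.0.1"))
    print("kernel default for 10.0.0.1 ->", kernel_chosen_source("10.0.0.1"))
```

Comparing the two outputs on a multi-homed relay host makes the complaint concrete: the explicit bind reports the address you asked for, while the unbound socket reports whichever address the routing table prefers for that destination.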