[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: DNS

To: or-talk@xxxxxxxxxxxxx
Subject: Re: DNS
From: Peter Palfrader <peter@xxxxxxxxxxxxx>
Date: Sat, 18 Mar 2006 14:05:17 +0100
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Sat, 18 Mar 2006 08:05:24 -0500
In-reply-to: <f7a41de00603180400v585671e1j432f3334b4060715@mail.gmail.com>
Mail-followup-to: or-talk@xxxxxxxxxxxxx
References: <f7a41de00603180400v585671e1j432f3334b4060715@mail.gmail.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.9i

On Sat, 18 Mar 2006, Watson Ladd wrote:

> We can protect TCP connections, right? So applications should be modified to
> use TCP connections for DNS

No.  The application should be modified to do socks4a or socks5 with
hostnames.  Tor will then resolve the hostname on the other side when
making a connection.  Using TCP for DNS isn't really the answer.  For
starters to which DNS server do you go, and secondly it introduces extra
latency for no good reason.  The latter is also the reason why that dns
server called TorDNS is not really a good idea.

> That will anonymize DNS.  We also could have Tor itself do this for the DNS
> queries.

Tor already does dns queries.
-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/

Follow-Ups:
- Re: DNS
  - From: Jeff Rishea

References:
- DNS
  - From: Watson Ladd

Prev by Author: Re: Potential suspect behavior?
Next by Author: Re: Rotate log problem
Previous by thread: Re: DNS
Next by thread: Re: DNS
Index(es):
- Author
- Thread