Re: DNS

[Jeff Rishea <jrishea@xxxxxxxxx>]

On Mar 18, 2006, at 8:05 AM, Peter Palfrader wrote:

> On Sat, 18 Mar 2006, Watson Ladd wrote:
>
> > We can protect TCP connections, right? So applications should be  
> > modified to
> > use TCP connections for DNS
>
> No.  The application should be modified to do socks4a or socks5 with
> hostnames.  Tor will then resolve the hostname on the other side when
> making a connection.  Using TCP for DNS isn't really the answer.  For
> starters to which DNS server do you go, and secondly it introduces  
> extra
> latency for no good reason.  The latter is also the reason why that  
> dns
> server called TorDNS is not really a good idea.

I think what he's after is not an application, but the redirection  
and/or proxying of DNS requests en masse. For example, lets say you'd  
implement this functionality where your router is, that way it would  
ensure there's no DNS leaks, as well as provide DNS caching service  
for the whole family, in addition to Tor and possibly other proxies.


> > That will anonymize DNS.  We also could have Tor itself do this  
> > for the DNS
> > queries.
>
> Tor already does dns queries.
> --
>  PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
>     messages preferred.    | : :' :      The  universal
>                            | `. `'      Operating System
>  http://www.palfrader.org/ |   `-    http://www.debian.org/