[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Tor & DNS Requests
On Thu, 4 May 2006, Roger Dingledine wrote:
No. All Tor nodes, including nodes with an exit policy of reject
*:*, are willing to do DNS resolves for people. Of course, clients
will try to pick nodes that would allow their connection to exit,
so they will tend to avoid using the reject *:* ones -- but when
using our extension to socks to do dns resolves directly (see
http://tor.eff.org/cvs/tor/doc/socks-extensions.txt) the Tor client is
fine picking a reject-all node, since no traffic will actually be exiting.
I didn't realize that. I set up an internal-only server because my
organization didn't like where people were exiting to, but the way they were
monitoring the network was by sniffing DNS requests.