[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: prevent tor accepting dns requests on dnsport initiated by itself

To: or-dev@xxxxxxxxxxxxx
Subject: Re: prevent tor accepting dns requests on dnsport initiated by itself
From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Date: Wed, 27 Jun 2007 12:18:22 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-dev-outgoing@xxxxxxxx
Delivered-to: or-dev@xxxxxxxx
Delivery-date: Wed, 27 Jun 2007 12:18:32 -0400
In-reply-to: <200706231308.33786.robert@xxxxxxxxxxxxxxx>
Mail-followup-to: Nick Mathewson <nickm@xxxxxxxxxxxxx>, or-dev@xxxxxxxxxxxxx
References: <200706212253.10004.robert@xxxxxxxxxxxxxxx> <20070622155248.GD25401@xxxxxxxxxxxxxxxxxx> <200706231308.33786.robert@xxxxxxxxxxxxxxx>
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx
User-agent: Mutt/1.4.2.1i

On Sat, Jun 23, 2007 at 01:08:33PM +0100, Robert Hogan wrote:
> On Friday 22 June 2007 16:52:48 Nick Mathewson wrote:
> > On Thu, Jun 21, 2007 at 10:53:08PM +0100, Robert Hogan wrote:
> > > This would also prevent the user resolving a dns request if it
> > > coincided exactly with the very same request by tor. I don't know
> > > how likely this would be in practice - I certainly haven't been
> > > quick enough on the draw.
> >
> > I think this is actually a dangerous idea.  We separate the client DNS
> > cache from the server DNS cache for a reason: if you're using a Tor
> > instance as both a client and a server, it's a good idea to keep the
> > client's behavior more or less uncorrelated by the server's.
> >
> 
> Sorry, I don't get it!

Ah, I misunderstood the purpose of the patch.  I thought it was to
save time on DNS resolves, not to check for DNSPort loops.  I get it
now. :)

> I don't think any mixing of the caches takes place here. The patch
> prevents a Tor server from resolving DNS requests when a broken
> system configuration routes them all back to its own DNSPort. In
> this situation the tor server will always be unable to resolve
> anything and the server admin will be warned accordingly.
> 
> If the same Tor instance is being used as a client then the only
> occasion in which an application's requests (e.g. from firefox) will
> fail is if it happens to request the exact same dns resolve at
> precisely the same moment the server's same dns request is in
> progress. Otherwise its requests, even for the same hostname, will
> be successfully routed over the tor network.
> 
> I don't believe a failure of the client request in the above
> situation will result in a cache hit (server or client), the request
> will just fail and the app will try again or give up.

Hmmm. I really _don't_ like the idea of making good client DNS break
_ever_, even if it's hard to provoke on your machine.  After all, if
users see this in practice, it's not likely that they'll even know to
report it as a bug, since it would be intermittent and hard to prove.

Could it be simpler just to add a function to eventdns.c to make sure
none of the nameservers are going to the addr:port of our dnsport?

yrs,
-- 
Nick Mathewson

Attachment: pgprRlV9wWTwN.pgp
Description: PGP signature

Follow-Ups:
- Re: prevent tor accepting dns requests on dnsport initiated by itself
  - From: Robert Hogan

References:
- prevent tor accepting dns requests on dnsport initiated by itself
  - From: Robert Hogan
- Re: prevent tor accepting dns requests on dnsport initiated by itself
  - From: Nick Mathewson
- Re: prevent tor accepting dns requests on dnsport initiated by itself
  - From: Robert Hogan

Prev by Author: Re: check for conflicting *Port directives
Next by Author: Re: TODO: Add a way to request DNS resolves from the controller
Previous by thread: Re: prevent tor accepting dns requests on dnsport initiated by itself
Next by thread: Re: prevent tor accepting dns requests on dnsport initiated by itself
Index(es):
- Author
- Thread