[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Support for full DNS resolution and DNSSEC validation

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Support for full DNS resolution and DNSSEC validation
From: Alexander Færøy <ahf@xxxxxxxxxxxxxx>
Date: Fri, 15 May 2020 16:53:29 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 15 May 2020 12:53:54 -0400
In-reply-to: <701ff4c4-2a87-699f-0ca6-678c66ed77bb@airmail.cc>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Mail-followup-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
References: <2c459db33cb48d1ff9116f98e15ff6af7ca8dc1a.camel@gmail.com> <20200515152944.c2up4hxh3y76vizx@localhost> <5bcc4ea9-bfe8-8467-5349-7e8b5a789a99@airmail.cc> <20200515162420.uuobo2g2g27sfnfu@localhost> <701ff4c4-2a87-699f-0ca6-678c66ed77bb@airmail.cc>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hey,

On 2020/05/15 16:36, Jeremy Rand wrote:
> The Prop279 spec text is ambiguous about whether the target is required
> to be a .onion domain, but the implementations (TorNS and StemNS) do not
> have that restriction.  TorNS and StemNS allow a Prop279 plugin to
> advertise acceptance of any domain suffix (haven't explicitly tried the
> root zone as an suffix, but if that doesn't work, it's a bug that should
> be easy to fix) and can resolve them to any result (e.g. an IP address,
> a .onion domain, or another DNS name a la CNAME).

In proposal #279 the subprocess passes the `RESOLVED` message to Tor
once it is has completed a name look up. The `RESOLVED` message is
defined as follows:

    ``When the name plugin completes the name resolution, it prints the
    following line in its stdout:

        RESOLVED <QUERY_ID> <STATUS_CODE> <RESULT>

    where QUERY_ID is the corresponding query ID and STATUS_CODE is an integer
    status code. RESULT is the resolution result (an onion address) or an error
    message if the resolution was not succesful.''

Here the `<RESULT>` must be an onion address. We would have to change
that, such that an IP address can be returned as well :-)

All the best,
Alex.

-- 
Alexander Færøy
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Support for full DNS resolution and DNSSEC validation
  - From: Jeremy Rand

References:
- Re: [tor-dev] Support for full DNS resolution and DNSSEC validation
  - From: Alexander Færøy
- Re: [tor-dev] Support for full DNS resolution and DNSSEC validation
  - From: Jeremy Rand
- Re: [tor-dev] Support for full DNS resolution and DNSSEC validation
  - From: Alexander Færøy
- Re: [tor-dev] Support for full DNS resolution and DNSSEC validation
  - From: Jeremy Rand

Prev by Author: Re: [tor-dev] Support for full DNS resolution and DNSSEC validation
Next by Author: Re: [tor-dev] Support for full DNS resolution and DNSSEC validation
Previous by thread: Re: [tor-dev] Support for full DNS resolution and DNSSEC validation
Next by thread: Re: [tor-dev] Support for full DNS resolution and DNSSEC validation
Index(es):
- Author
- Thread