
Re: DNS



On Tue, Oct 01, 2002 at 02:24:16PM +0100, Andrei Serjantov wrote:
> What is the current proposal on how to do DNS? I take it Mozilla does it
> before anything else and thus reveals the hostname to the outside world at
> the moment?

That is correct.

The current proposal is to modify all applications to use socks4a or to
pass the hostname to the socks server rather than resolve it first. And
that's not a very good proposal.

In the case of http, we're doing pretty well, because privoxy supports
socks4a, and we want to do data scrubbing anyway.

So it could be that we really do want to find a data scrubbing proxy
for many protocols, and solve much of the problem that way.

But for things like ssh, where we're trying to protect against traffic
analysis, not anonymize the sender from the recipient, a scrubbing proxy
makes no sense. But though we can just do "tsocks ssh arma@moria" now,
'moria' gets resolved. In my particular case I know the IP, so I can do
"tsocks ssh arma@18.244.0.188" perfectly safely. But that's probably
not a good general solution either.

One possible approach is to distribute a socksified bind (or equivalent),
so people run a local nameserver that knows how to query over tor.

--Roger
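The distinction the message turns on (a SOCKS4 client has to resolve the name itself before it can fill in DSTIP, whereas SOCKS4a hands the hostname to the proxy) is easy to see on the wire. The following is an added example, not code from the original mail or from tor/tsocks/privoxy; it builds both request forms byte-for-byte, decodes them, and applies the rule Roger uses by hand above: a literal IPv4 address (18.244.0.188) can go in a plain SOCKS4 request with no lookup at all, anything else ('moria') must be sent as a SOCKS4a hostname instead of being passed to gethostbyname() first. The empty USERID and the 0.0.0.1 marker address are assumptions; the protocol only requires 0.0.0.x with x nonzero.

```python
"""SOCKS4 vs SOCKS4a CONNECT requests, and where the DNS leak lives.

Wire format (network byte order):
  SOCKS4 : VN=4 | CD=1 | DSTPORT(2) | DSTIP(4) | USERID... | NUL
  SOCKS4a: same, but DSTIP = 0.0.0.x (x != 0) and after the USERID NUL
           the hostname follows, again NUL-terminated; the proxy resolves it.
"""
import ipaddress
import struct

SOCKS_VERSION = 4
CMD_CONNECT = 1
# Assumed marker address for SOCKS4a; any 0.0.0.x with x != 0 is valid.
SOCKS4A_MARKER = bytes([0, 0, 0, 1])


def socks4_connect_request(dst_ip: str, dst_port: int, userid: bytes = b"") -> bytes:
    """Plain SOCKS4. The caller must already hold a dotted-quad address, so a
    hostname-taking client has to call the resolver locally first: that lookup
    leaves the machine in the clear, which is the leak discussed above."""
    ip = ipaddress.IPv4Address(dst_ip).packed  # raises on anything but a literal
    return struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, dst_port) + ip + userid + b"\x00"


def socks4a_connect_request(hostname: str, dst_port: int, userid: bytes = b"") -> bytes:
    """SOCKS4a. DSTIP carries the marker and the hostname rides after the USERID,
    so the proxy (e.g. tor) does the resolution and the client never queries DNS."""
    return (struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, dst_port)
            + SOCKS4A_MARKER + userid + b"\x00"
            + hostname.encode("idna") + b"\x00")


def build_request(target: str, port: int, userid: bytes = b"") -> bytes:
    """Choose the non-leaking form for a user-supplied target string: a literal
    IPv4 address needs no lookup (safe as SOCKS4); a name must go as SOCKS4a."""
    try:
        ipaddress.IPv4Address(target)
    except ValueError:
        return socks4a_connect_request(target, port, userid)
    return socks4_connect_request(target, port, userid)


def parse_connect_request(req: bytes) -> dict:
    """Decode either form and report whether the client resolved the name itself."""
    if len(req) < 9 or req[0] != SOCKS_VERSION or req[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS4/4a CONNECT request")
    port = struct.unpack("!H", req[2:4])[0]
    ip = req[4:8]
    nul = req.find(b"\x00", 8)
    if nul < 0:
        raise ValueError("USERID not NUL-terminated")
    userid = req[8:nul]
    rest = req[nul + 1:]
    is_4a = ip[:3] == b"\x00\x00\x00" and ip[3] != 0
    if is_4a:
        end = rest.find(b"\x00")
        if end < 0:
            raise ValueError("SOCKS4a hostname not NUL-terminated")
        return {"variant": "socks4a", "host": rest[:end].decode("idna"),
                "port": port, "userid": userid, "resolved_locally": False}
    return {"variant": "socks4", "host": str(ipaddress.IPv4Address(ip)),
            "port": port, "userid": userid, "resolved_locally": True}


if __name__ == "__main__":
    # Constructed inputs taken from the mail: the literal IP and the name 'moria'.
    for target in ("18.244.0.188", "moria"):
        req = build_request(target, 22)
        print(target, req.hex(), parse_connect_request(req))
```

The parser's `resolved_locally` flag is the property a wrapper such as tsocks would need to get right: the moment it calls the system resolver to turn 'moria' into an address so that it can emit the SOCKS4 form, the hostname has already left the box regardless of what happens to the TCP connection afterwards.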