
Re: [tor-dev] Special-use-TLD support



Hi Jeff,

I have some questions about how NameSubstitution rules work in some edge cases:

On 27 Sep 2015, at 19:47, Jeff Burdges <burdges@xxxxxxxxxx> wrote:
...
Configuration

 We propose two Tor configuration options :

   NameSubstitution [.]source_dnspath [.]target_dnspath
   NameService [.]dnspath socketspec
     [noncannonical] [timeout=num]
     [-- service specific options]

 We require that socketspec be either the path to a UNIX domain socket 
 or an address of the form IP:port.  We also require that each
 *dnspath be a string conforming to RFC 952 and RFC 1123 sec. 2.1.
 In other words, a dnsspec consists of a series of labels separated by
 periods . with each label of up to 63 characters consisting of the 
 letters a-z in a case insensitive manner, the digits 0-9, and the
 hyphen -, but hyphens may not appear at the beginning or end of labels.

 NameSubstitution rules are applied only to DNS query strings provided
 by the user, not CNAME results.  If a trailing substring of a query
 matches source_dnspath then it is replaced by target_dnspath.

 NameService rules route matching query to the appropriate name service
 supplier software.  If a trailing substring of a query matches dnspath,
 then a query is sent to the socketspec using the RPC protocol described
 below.  Of course, NameService rules are applied only after all the
 NameSubstitution rules.

Are multiple NameSubstitution rules applied in the order they are listed?

For example:
NameSubstitution .com .net
NameSubstitution .example.net .example.org

What does foo.example.com get transformed into?


Are trailing periods significant?

For example:
NameSubstitution .com .net

What does example.com. get transformed into?

For example:
NameSubstitution .com. .net.

What does example.com get transformed into?


Are leading periods significant?

For example:
NameSubstitution com net

What does example.com get transformed into?
What does foo.viacom get transformed into?


Are duplicate rules significant?

For example:
NameSubstitution .com .com.com
NameSubstitution .com .com.com

What does example.com get transformed into?


Is there a length limit for the final query?
(DNS names are limited to 255 characters.)

For example:
NameSubstitution .a .<254 characters>

What does <253 characters>.a get transformed into?


Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
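
Why these edge cases matter, as an added example (not part of the original message, and not code from Tor or the proposal): a toy model of NameSubstitution in which each open question is a switch, so the same rules rewrite a query differently and would hand it to a different name service. The function `substitute` and its parameters `chain`, `label_aligned` and `strip_root` are hypothetical; the proposal text quoted above does not say which interpretation is intended.

```python
# Added illustration: a toy model of NameSubstitution, not Tor's implementation.
# Every switch below is an assumption about behaviour the proposal leaves open.

MAX_NAME = 255  # DNS name length limit cited in the message


def substitute(query, rules, chain=True, label_aligned=True, strip_root=True):
    """Apply (source, target) suffix rules to query under one interpretation.

    chain         -- True: try every rule in order on the running result;
                     False: stop after the first rule that matches.
    label_aligned -- True: a source matches only on a label boundary, so
                     "com" and ".com" behave alike; False: raw string suffix.
    strip_root    -- True: drop one trailing "." from the query and the rules.
    """
    def norm(name):
        name = name.lower()  # labels are case insensitive
        return name[:-1] if strip_root and name.endswith(".") else name

    name = norm(query)
    for source, target in rules:
        source, target = norm(source), norm(target)
        if label_aligned:
            source, target = source.lstrip("."), target.lstrip(".")
            matched = bool(source) and (
                name == source or name.endswith("." + source))
        else:
            matched = bool(source) and name.endswith(source)
        if not matched:
            continue
        name = name[: len(name) - len(source)] + target
        if len(name) > MAX_NAME:
            # One possible policy: refuse rather than truncate or pass it on.
            raise ValueError("substituted name exceeds %d characters" % MAX_NAME)
        if not chain:
            break
    return name


if __name__ == "__main__":
    ordered = [(".com", ".net"), (".example.net", ".example.org")]
    print(substitute("foo.example.com", ordered, chain=True))
    print(substitute("foo.example.com", ordered, chain=False))
    print(substitute("foo.viacom", [("com", "net")], label_aligned=False))
    print(substitute("foo.viacom", [("com", "net")], label_aligned=True))
```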
