[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: tor with OpenDNS as default DNS, using Firefox+FoxyProxy
- To: or-Talk Mailinglist <or-talk@xxxxxxxx>
- Subject: Re: tor with OpenDNS as default DNS, using Firefox+FoxyProxy
- From: Tripple Moon <tripple.moon@xxxxxxxxx>
- Date: Mon, 13 Apr 2009 06:13:52 -0700 (PDT)
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Mon, 13 Apr 2009 09:13:56 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1239628432; bh=Kc5IfjLIZadOvsfr+QbiAZgVOcUqA0dwZ7SVUR6RAqc=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=6TuhrLPMp0nC//B8L33bg2o2m9ekBiQ7VJIzJZsjFNDz2C1pBavoGQ6EPNC8HtlG6isNy0kHQxKKrcwJz5Az6WX+Wra7rLjMIEDzYJCTpPIEC0v9xk3tiLd/2npQKhx/YSHIQJXJRQNLYpsEZ3ckxlDHsdZ69lgOTxz/+SeTkVs=
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=LDAAFrgXMngRu/q8hft+pb3iv+t38EhmSFw08vA3Z3E/k8z7wieEqWIIWnVZWY8lxf31Ta/ew6Fr7X7WLnJtiTO1qbkr2jynx+rnl7ThiBaOLFDju9fDCThHyIEj0qWcmuxpCJu5KvqzeqYDbVgIrWMUNRM+5axeoebmJbqcAt8=;
- In-reply-to: <200904130501.n3D51Txq006304@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Note:
Please only reply to the mailinglist _only_, every time you reply i get about 3 (three) emails with same content because you include my email addy as recipient also...
One email from the or-talk mailing list is enough to read your responses :)
--- On Mon, 4/13/09, Scott Bennett <bennett@xxxxxxxxxx> wrote:
> From: Scott Bennett <bennett@xxxxxxxxxx>
> Subject: Re: tor with OpenDNS as default DNS, using Firefox+FoxyProxy
> To: or-talk@xxxxxxxxxxxxx, "Tripple Moon" <tripple.moon@xxxxxxxxx>
> Date: Monday, April 13, 2009, 1:01 AM
> On Sun, 12 Apr 2009 09:05:07 -0700 (PDT) Tripple Moon
> <tripple.moon@xxxxxxxxx> wrote:
> >--- On Mon, 4/6/09, Scott Bennett
> <bennett@xxxxxxxxxx> wrote:
[cut for clarity]
> >My reason(s) for this scenario is so that:
>
> I missed this in my latest response:
>
> >1) I am able to use custom DNS-Servers for both my
> client and others that use my exit point, without the
> warning messages.
>
> Those warning messages are caused by client-side code
> in tor in response
> to requests made to its SOCKS port; they are not issued as
> a result of your relay providing exit services.
ofcourse...did i argument otherwise?
>
> >2) My, the operators, custom DNS-Servers can speedup
> _and_ aid in anonymity by blocking/re-directing certain
> domain names to other IP's.
> >Which will, in the case of OpenDNS, return a small HTML
> with a message telling its blocked.
>
> Providing such a page as a substitute for a response
> from the proper
> destination is in itself justification for immediate
> classification of your
> exit relay as a bad exit. *Any* alteration/substitution of
> data qualifies the culpable exit relay for a BadExit flag.
Ofcourse i know tor does this, which is in theory the proper way but....
How does tor classify "proper destination"?
By doing DNS lookups and comparing the answers right?
That's a real problem for tor-operators in countries where DNS-queries are being intercepted by the authorities in certain countries...
The only way for tor-operators in that kind of environment is to use "custom DNS-servers" or put differently "other DNS servers as the default ones of the ISP".
In my current case Turkey, which redirects DNS-answers to block certain domains.
So yes what i want to do is about same as they do but under my own control of which ones get blocked.
The question that remains is: "How can i keep a tor relay running without being flagged as bad, while still doing custom blocking on the tor-client side?"
Brainstorming on my own:
I assume the only way is using a proxy _before_ the SOCKS connection to the tor-client, and setting up tor to use "custom DNS-servers" (term as explained above).
But which DNS-server IP's to use in "resolve.conf" because the nation's DNS servers are polluted...