[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Polipo and dnsUseGethostbyname - what is the best option and does it matter?

To: or-talk@xxxxxxxx
Subject: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
From: Matthew <pumpkin@xxxxxxxxx>
Date: Thu, 08 Apr 2010 16:24:06 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 08 Apr 2010 11:41:26 -0400
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.24 (X11/20100317)

Hello,

The standard Polipo configuration file for Ubuntu located athttps://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.confshould replace the configuration file one downloads when Polipo isinstalled according to http://www.torproject.org/docs/tor-doc-unix.html.en.

The Polipo configuration fromhttps://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.confsays:


# Uncomment this to disable Polipo's DNS resolver and use the system's
# default resolver instead. If you do that, Polipo will freeze during
# every DNS query:

dnsUseGethostbyname = yes

However, section 3.9 of the Polipo manual says:

Polipo usually tries to speak the DNS protocol itself rather than usingthe system re-solver5 . Its precise behaviour is controlled by the value ofdnsUseGethostbyname. IfdnsUseGethostbyname is false, Polipo never uses the system resolver. Ifit is reluctantly(the default), Polipo tries to speak DNS and falls back to the systemresolver if a name servercould not be contacted. If it is happily, Polipo tries to speak DNS, andfalls back to the systemresolver if the host couldn’t be found for any reason (this is not agood idea for shared proxies).Finally, if dnsUseGethostbyname is true, Polipo never tries to speak DNSitself and uses the

system resolver straight away (this is not recommended).

Three questions:

First, since "yes" is not one of the four options listed in 3.9 whatdoes this mean? I was using "yes" for many months without realizing itwas not an option. How does Polipo use "yes"? Why is this in the configfile?

Second, surely the best option is "false". That way even if there is aproblem with Polipo's DNS it will not use the local DNS as listed inresolv.conf. Some people might say: put OpenDNS in resolv.conf. However,I am on an academic network which does not permit me to modify the DNS;changing resolv.conf means I have no connection. (I know about thednsNameServer option but let's leave that for now).

Third, I always use Polipo with Tor. Even if dnsUseGethostbyname is setto "yes" or any of the four valid options does this matter? Are DNSrequests passed through Polipo to Tor and then Tor does its DNSresolution (after the final exit node if I understand correctly?) sothis setting in the configuration file is not important? Or does Polipodo the DNS resolution before traffic is passed on to Tor in which casethe configuration file is crucial? In other words, when is DNS resolvedwhen using Tor and Polipo?


Thanks.


***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
  - From: andrew

Prev by Author: Re: enabling bridges on NATed clients
Next by Author: Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
Previous by thread: Re: [or-talk] where are the exit nodes gone?
Next by thread: Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
Index(es):
- Author
- Thread