[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
From: Matthew <pumpkin@xxxxxxxxx>
Date: Mon, 12 Apr 2010 09:13:43 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 12 Apr 2010 04:44:21 -0400
In-reply-to: <20100412020626.GR4366@xxxxxxxxxxxxxx>
References: <4BBDF516.1010603@xxxxxxxxx> <20100411191030.GA28926@xxxxxxxxxxxxxx> <4BC249C7.80005@xxxxxxxxx> <20100412020626.GR4366@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.24 (X11/20100411)

I'm not sure whether either of these bugs are fixed at present (ugh). So
I'd recommend sticking with yes (or true, I guess it's called now).

----
If "yes" is the same as "true" then this is a setting the Polipo manual
strongly advises against. "Finally, if dnsUseGethostbyname is true,
Polipo never tries to speak DNS itself and uses the system resolver straight away (this is not recommended)."

-----Given those, and since polipo shouldn't be doing any dns resolves anyway

when it's using a socks5 proxy, I figured I'd go for the choice that
exposed less surface area.

My fundamental question is this:

If the config file says "yes" to dnsUseGethostbyname then Tor does theDNS resolution.If however the config file says something else e.g. "reluctantly" (Themanual says "if it is reluctantly(the default), Polipo tries to speak DNS and falls back to the systemresolver if a name servercould not be contacted.") then does Polipo do its own DNS resolution andthen pass this on to Tor therefore leaking?

Or, are you saying, that "since polipo shouldn't be doing any dnsresolves anyway when it's using a socks5 proxy" the value ofdnsUseGethostbyname is not relevant when using Polipo with Tor since Torwill ALWAYS do DNS resolution because ofsocksParentProxy = "localhost:9050" and socksProxyType = socks5.


If yes then my first question is moot.

This is what is confusing me the most - whether changingdnsUseGethostbyname means Polipo (not Tor) now does the DNS resolution.

--Roger

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

References:
- Polipo and dnsUseGethostbyname - what is the best option and does it matter?
  - From: Matthew
- Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
  - From: andrew
- Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
  - From: Matthew
- Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
  - From: Roger Dingledine

Prev by Author: Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
Next by Author: Torbutton 1.2.5 Released
Previous by thread: Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
Next by thread: Torbutton 1.2.5 Released
Index(es):
- Author
- Thread