Re: Bug: improperly bound listen addresses?
On Thu, 31 Jul 2008 21:31:40 -0400 grarpamp <grarpamp@xxxxxxxxx>
wrote without proper attribution of quoted text:
>> If you're a relay, tor will attempt to do name resolution for
>> clients, perhaps this is what you're seeing.
>
>Yes. And it should have the facility to bind to whatever address I
>tell it to use for that purpose. Not the primary address on any
>given interface, the '*' address, etc. Tor already has facilities
>for its OR and DIR 'listeners' and the 'outboundbindaddress'. It
>needs one for DNS resolution as well. I don't want it using .1
>for that. Create a -dnssrcport and -dnsbindaddress. -dnssrcport
>should allow >=1024 for non-root and anything for root, particularly
>53.
Perhaps you would explain to us why you wish to be able to use
secured ports as client ports rather than server ports. Your example,
port 53, is the port to which named binds. The routines in resolv.conf,
of course, use whatever port the kernel assigns to them because they
are client routines, not the DNS server routines. It's not at all
clear what you have in mind.
>
>Note that Tor still performs some tor related DNS queries even if
>it is: 'reject *:*'. Otherwise there would be no need to bind udp
>in that case.
>
Yes, that is because it needs to determine from time to time whether
the name server used by your system has been corrupted to hijack "no
answer" queries or queries for A RR's for certain popular web sites. If
you have entered a host+domainname on the Address line in torrc, tor also
needs to be able to resolve that address.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
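
The resolver check described in the reply above, sketched as an added example; it is not part of the original message and not Tor's own code. The function names, probe count, threshold and the constructed resolvers (which use documentation address ranges) are assumptions made for illustration.

```python
import secrets
import socket
from collections import Counter

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"

def random_name(tld, length=14):
    """A random label that is very unlikely to be registered."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length)) + "." + tld

def system_resolve(name):
    """IPv4 addresses from the system resolver; empty set on 'no answer'."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_DGRAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def find_hijack_addrs(resolve=system_resolve, probes=6,
                      tlds=("com", "net", "org"), threshold=2):
    """Resolve random names; an address seen for >= threshold of them is a
    catch-all substituted for 'no answer'. One stray hit is tolerated."""
    seen = Counter()
    for i in range(probes):
        seen.update(resolve(random_name(tlds[i % len(tlds)])))
    return {addr for addr, count in seen.items() if count >= threshold}

def suspicious_known_names(names, hijack_addrs, resolve=system_resolve):
    """Names that should exist but get no answer or a catch-all address."""
    bad = []
    for name in names:
        addrs = resolve(name)
        if not addrs or addrs & hijack_addrs:
            bad.append(name)
    return bad

# Constructed resolvers for offline runs (documentation address ranges).
def honest_resolver(name):
    return {"198.51.100.7"} if name == "www.example.com" else set()

def hijacking_resolver(name):
    return {"192.0.2.80"}  # answers everything, existing or not

if __name__ == "__main__":
    for resolve in (honest_resolver, hijacking_resolver):
        addrs = find_hijack_addrs(resolve)
        print(resolve.__name__, addrs,
              suspicious_known_names(["www.example.com"], addrs, resolve))
```

Calling `find_hijack_addrs()` with no arguments probes the system resolver, which is the traffic that still needs a UDP socket on a relay configured with 'reject *:*'.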