Re: Bug: improperly bound listen addresses?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Bug: improperly bound listen addresses?
- From: grarpamp <grarpamp@xxxxxxxxx>
- Date: Tue, 5 Aug 2008 15:07:27 -0400
- In-reply-to: <200808010600.m7160BAk000145@xxxxxxxxxxxxx>
- References: <200808010600.m7160BAk000145@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
>>>Yes. And it should have the facility to bind to whatever address I
>>>tell it to use for that purpose. Not the primary address on any
>>>given interface, the '*' address, etc. Tor already has facilities
>>>for its OR and DIR 'listeners' and the 'outboundbindaddress'. It
>>>needs one for DNS resolution as well. I don't want it using .1
>>>for that. Create a -dnssrcport and -dnsbindaddress. -dnssrcport
>>>should allow >=1024 for non-root and anything for root, particularly
>>>53.
>> On 8/1/08, Scott Bennett <bennett@xxxxxxxxxx> wrote:
>> Perhaps you would explain to us why you wish to be able to use
>>secured ports as client ports rather than server ports. Your example,
>>port 53, is the port to which named binds. The routines in resolv.conf,
>>of course, use whatever port the kernel assigns to them because they
>>are client routines, not the DNS server routines. It's not at all
>>clear what you have in mind.
>Ahh, yes. Ok, Tor is not likely to be a named anytime soon :) I'll
>fire up a named, bind it as desired and point Tor at it.

Hi :) Finished testing...

It is still necessary for Tor to have a -dnsclientaddress option.

If I point resolv.conf to 127.0.0.1, Tor binds as follows:

    tor tor 73613 9 udp4 127.0.0.1:2884 127.0.0.1:53
    tor tor 73552 9 udp4 127.0.0.1:2884 127.0.0.1:53

This is perfectly fine.

If I point resolv.conf to w.x.y.z on the internet Tor binds as
follows:

    tor tor 73613 10 udp4 10.0.0.1:2885 w.x.y.z:53
    tor tor 73552 10 udp4 10.0.0.1:2885 w.x.y.z:53

This is not desirable. Because as before, I'm trying to move all
of Tor's activities off of my primary interface address [10.0.0.1]
and onto the secondary [10.0.0.2]. I've been able to use the following
to move everything but this DNS binding to the secondary [10.0.0.2]:

    -orlistenaddress 10.0.0.2
    -dirlistenaddress 10.0.0.2
    -address 10.0.0.2 <-- workaround for bug: Tor not making note
        internally of the above two options and failing to run.
    -outboundbindaddress 10.0.0.2

Thanks.
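
Added example (not part of the original message, and not Tor's code): an unbound UDP client socket gets its source address from the kernel's route lookup at connect() time, which is why the resolver socket above shows 10.0.0.1; binding before connect() pins it to a chosen address. The function name is hypothetical, -dnsclientaddress is the option the poster proposes rather than an existing one, and the loopback addresses 127.0.0.1 and 127.0.0.2 are constructed stand-ins for 10.0.0.1 and 10.0.0.2 (assumes Linux, where all of 127/8 is local).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a UDP socket toward resolver:53 and report its local address in out.
 * src == NULL leaves the source to the kernel's route lookup; otherwise the
 * socket is bound to src first (hypothetical -dnsclientaddress behaviour).
 * Returns 0 on success, -1 on error. */
int dns_client_local_addr(const char *src, const char *resolver,
                          char *out, socklen_t outlen)
{
    struct sockaddr_in local, remote;
    socklen_t len = sizeof(local);
    int rc = -1;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    if (src != NULL) {
        memset(&local, 0, sizeof(local));
        local.sin_family = AF_INET;
        local.sin_port = htons(0); /* ephemeral port; only the address is pinned */
        if (inet_pton(AF_INET, src, &local.sin_addr) != 1 ||
            bind(fd, (struct sockaddr *)&local, sizeof(local)) != 0)
            goto done;
    }
    memset(&remote, 0, sizeof(remote));
    remote.sin_family = AF_INET;
    remote.sin_port = htons(53);
    /* UDP connect() sends nothing: it fixes the peer and, on an unbound
     * socket, makes the kernel choose the source address. */
    if (inet_pton(AF_INET, resolver, &remote.sin_addr) != 1 ||
        connect(fd, (struct sockaddr *)&remote, sizeof(remote)) != 0)
        goto done;
    if (getsockname(fd, (struct sockaddr *)&local, &len) == 0 &&
        inet_ntop(AF_INET, &local.sin_addr, out, outlen) != NULL)
        rc = 0;
done:
    close(fd);
    return rc;
}
```

Called with src set to NULL the function reports the address the route lookup picked; called with an explicit src it reports that address, or fails if the address is not configured on the host.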