
Re: Bug: improperly bound listen addresses?



     On Tue, 5 Aug 2008 15:07:27 -0400 grarpamp <grarpamp@xxxxxxxxx> wrote:
>>>>Yes. And it should have the facility to bind to whatever address I
>>>>tell it to use for that purpose. Not the primary address on any
>>>>given interface, the '*' address, etc. Tor already has facilities
>>>>for its OR and DIR 'listeners' and the 'outboundbindaddress'. It
>>>>needs one for DNS resolution as well. I don't want it using .1
>>>>for that. Create a -dnssrcport and -dnsbindaddress. -dnssrcport
>>>>should allow >=1024 for non-root and anything for root, particularly
>>>>53.
>
>>> On 8/1/08, Scott Bennett <bennett@xxxxxxxxxx> wrote:
>>>    Perhaps you would explain to us why you wish to be able to use
>>>secured ports as client ports rather than server ports.  Your example,
>>>port 53, is the port to which named binds.  The routines in resolv.conf,
                                                               ^^^^^^^^^^^
     Sigh.  I see that once again I've written garbage while fading in and
out due to lack of sleep.  That should have said, "libresolv" (i.e., the
resolver library), of course.

>>>of course, use whatever port the kernel assigns to them because they
>>>are client routines, not the DNS server routines.  It's not at all
>>>clear what you have in mind.
>
>>Ahh, yes. Ok, Tor is not likely to be a named anytime soon :) I'll
>>fire up a named, bind it as desired and point Tor at it.
>
>
>Hi :) Finished testing...
>
>It is still necessary for Tor to have a -dnsclientaddress option.
>
>If I point resolv.conf to 127.0.0.1, Tor binds as follows:
>tor      tor      73613    9 udp4 127.0.0.1:2884 127.0.0.1:53
>tor      tor      73552    9 udp4 127.0.0.1:2884 127.0.0.1:53
>
>This is perfectly fine.
>
>If I point resolv.conf to w.x.y.z on the internet Tor binds as
>follows:
>
>tor      tor      73613   10 udp4 10.0.0.1:2885   w.x.y.z:53
>tor      tor      73552   10 udp4 10.0.0.1:2885   w.x.y.z:53

     If you have named running, then putting 127.0.0.1 into resolv.conf
as a server should cause all queries to go to your named.  It should
only be necessary to specify a remote name server as a backup in case
your named crashes or becomes otherwise unresponsive.
>
>This is not desirable. Because as before, I'm trying to move all
>of Tor's activities off of my primary interface address [10.0.0.1]
>and onto the secondary [10.0.0.2]. I've been able to use the following
>to move everything but this DNS binding to the secondary [10.0.0.2]:
>
>-orlistenaddress 10.0.0.2
>-dirlistenaddress 10.0.0.2
>-address 10.0.0.2 <-- workaround for bug: Tor not making note
> internally of the above two options and failing to run.
>-outboundbindaddress 10.0.0.2
>
     I think you're barking up the wrong tree here.  I don't know of
any way to tell the resolver routines to bind only to a particular
network interface for sending their queries.  If you really need to do
that, you need to have the source for the resolver library, so you can
build it with your own modifications.  AFAIK, tor uses the resolver
library, so adding a command line/torrc option like you're asking for
would have no effect.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
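
An added example, not part of the original message and not code from Tor or the resolver library: it shows how the source address of a UDP client socket, such as one carrying a DNS query, is chosen. Without bind() the kernel picks the source from the route to the destination; with bind() the application fixes it. The function names, the loopback listener and the payload are constructed for illustration so the example runs offline.

```python
import socket

def udp_source(dest_ip, dest_port=53, bind_ip=None, bind_port=0):
    """Return the (ip, port) a UDP client socket would send from.

    connect() on a UDP socket transmits nothing; it only makes the kernel
    fix the route and, if the socket is still unbound, pick the source.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if bind_ip is not None:
            # Explicit bind: what a per-application source-address option does.
            s.bind((bind_ip, bind_port))
        s.connect((dest_ip, dest_port))
        return s.getsockname()
    finally:
        s.close()

def observed_source(bind_ip=None):
    """Send one datagram to a local listener (constructed stand-in for a
    name server) and return (client_sockname, peer_seen_by_listener)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.bind(("127.0.0.1", 0))
        srv.settimeout(2)
        if bind_ip is not None:
            cli.bind((bind_ip, 0))
        cli.sendto(b"constructed-query", srv.getsockname())
        _, peer = srv.recvfrom(512)
        # An unbound client may still report a wildcard local address here;
        # the listener's view is the address that actually went on the wire.
        return cli.getsockname(), peer
    finally:
        cli.close()
        srv.close()

if __name__ == "__main__":
    print("kernel-chosen source :", udp_source("127.0.0.1"))
    print("explicitly bound     :", udp_source("127.0.0.1", bind_ip="127.0.0.1"))
    print("unbound, as observed :", observed_source())
    print("bound, as observed   :", observed_source("127.0.0.1"))
```

Calling `udp_source()` with a real resolver address and no `bind_ip` reports which local address the kernel would select for that destination, without sending a packet.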