Re: transparent forced dns-'proxy' on Exit-Node - is it ok?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: transparent forced dns-'proxy' on Exit-Node - is it ok?
- From: "Ringo Kamens" <2600denver@xxxxxxxxx>
- Date: Tue, 9 Jan 2007 11:00:00 -0700
- Delivery-date: Tue, 09 Jan 2007 13:00:22 -0500
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
I don't know the technicals of DNS but it sounds like a great idea to
me. One of the major problems tor faces (IMHO) is DNS resolution which
On 1/9/07, herfel@xxxxxxx <herfel@xxxxxxx> wrote:
for reasons that are not relevant to the question, my tor-node 'cannot'
function as an exit-node. However I was thinking that it would be possible
for me, to use iptables to force-route all outgoing dns-requests from the
tor-IP to my local dns-server, who would then make outgoing queries to its
upstream dns-servers etc. Since we have a fast server and plenty of
bandwidth and reliable DNS (that do not muck around with things), I think
this would be helpful (in a small way) for improving DNS-resolution on the
However I can see how some people could see this as a negative thing,
because in cases where tor-users wanted to specifically talk with certain
DNS-Servers, or wanted to use non-dns udp-traffic on port 53, which for some
reason happened to look very much like dns-traffic, well, those people would
be annoyed, because they'd keep getting potentially "wrong" answers,
possibly in a way that they wouldn't be aware of right away.
Is there a policy on this? If not, I'd be interested in hearing opinions
(with arguments) about whether you'd find this helpful or hurtful; or
whether I should just forget about the idea.
Thanks and Regards