[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] unbound, ttdnsd and DNSPort config

On Thu, 09 Jun 2011 02:00:23 +0200
intrigeri <intrigeri@xxxxxxxx> wrote:

> Hi,
> Anders Sundman wrote (06 Jun 2011 14:24:12 GMT) :
> > Used individually, the addr directives work fine and resolve using
> > their respective mechanism. Used together, it looks like ttdnsd
> > never gets a chance after tor has failed (e.g. when resolving a SRV
> > or MX record).
> > Any ideas?
> I've just had a look, by attempting to implement the same in Tails
> (i.e. query first the Tor resolver, and fallback to ttdnsd in case the
> former is not able to answer the query) as we planned to do for quite
> some time. I've seen the same results as you have, using the DNS
> frontend caching proxy Tails already ships (pdnsd) instead of unbound.
> A few dig commands learned me that the Tor resolver sends an empty
> reply (status: NOERROR, QUERY: 1, ANSWER: 0) rather than an error when
> it does not support the type of the query (e.g. MX). The obvious
> consequence of it is: the caching frontend DNS proxy (be it unbound,
> pdnsd or whatever) has thus no way to know it should fallback to
> ttdnsd in such a case, and it actually never does so, which confirms
> what you've observed in the first place.
> => In the current state of the Tor DNS resolver, we're forced to use
> ttdnsd by default, and only use the Tor resolver for .onion/.exit...
> unless I missed something.
> So I'm curious what the rationale for the "empty reply" behavior is.
> Any ideas?

This looks like a bug.  Please open a Trac ticket for it.

Robert Ransom

Attachment: signature.asc
Description: PGP signature

tor-talk mailing list