On Thu, 09 Jun 2011 02:00:23 +0200 intrigeri <intrigeri@xxxxxxxx> wrote: > Hi, > > Anders Sundman wrote (06 Jun 2011 14:24:12 GMT) : > > Used individually, the addr directives work fine and resolve using > > their respective mechanism. Used together, it looks like ttdnsd > > never gets a chance after tor has failed (e.g. when resolving a SRV > > or MX record). > > > Any ideas? > > I've just had a look, by attempting to implement the same in Tails > (i.e. query first the Tor resolver, and fallback to ttdnsd in case the > former is not able to answer the query) as we planned to do for quite > some time. I've seen the same results as you have, using the DNS > frontend caching proxy Tails already ships (pdnsd) instead of unbound. > > A few dig commands learned me that the Tor resolver sends an empty > reply (status: NOERROR, QUERY: 1, ANSWER: 0) rather than an error when > it does not support the type of the query (e.g. MX). The obvious > consequence of it is: the caching frontend DNS proxy (be it unbound, > pdnsd or whatever) has thus no way to know it should fallback to > ttdnsd in such a case, and it actually never does so, which confirms > what you've observed in the first place. > > => In the current state of the Tor DNS resolver, we're forced to use > ttdnsd by default, and only use the Tor resolver for .onion/.exit... > unless I missed something. > > So I'm curious what the rationale for the "empty reply" behavior is. > Any ideas? This looks like a bug. Please open a Trac ticket for it. Robert Ransom
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk