[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Building Petnames with DNSSEC...?



On Sun, Jun 03, 2012 at 10:30:13PM -0400, Nathan Freitas wrote:
> On 06/03/2012 09:30 PM, Jacob Appelbaum wrote:
> > That does indeed seem like a better idea. We'll need to use something
> > like unbound anyway, so we can use TXT records all the same, I guess.
> 
> Why not use SRV records?
> 
> if this was the
> _xmpp-client._tcp.foo.com. 82698 IN	SRV	10 0 5222 foo.com.
> _xmpp-server._tcp.foo.com. 86400 IN	SRV	10 0 5269 foo.com.
> 
> _onion-service._tcp.foo.com. 86400 IN	SRV	10 0 8888 xxxx.onion
> 
> or even this might be a good way to advertise onion based xmpp services:
> 
> _xmpp-client-onion._tcp.foo.com. 86400 IN	SRV	10 0 5222 xxxx.onion.

It will not work for the same reason. Quoting RFC 2782:

   Target
        The domain name of the target host.  There MUST be one or more
        address records for this name, the name MUST NOT be an alias (in
        the sense of RFC 1034 or RFC 2181).

.onion addresses do not map to IP addresses. So resolvers are likely to
give you a NXDOMAIN answer.

-- 
JÃrÃmy Bobbio                        .''`. 
lunar@xxxxxxxxxx                    : :â  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk