[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: "router get by nickname" on request to dir server appears to be failing

I'd like to get a clarification of the DNS lookup problem.

If I'm running a full DNS resolver on my system, then I'll send
queries to, for example, the DNS authority for .com, then for
domain.com, and then I'll have the address for site.domain.com. And,
this will leak my ID to the name server for domain.com.

But if I'm only talking to domain.com, not any of the subsites, then
my DNS request only goes to the TLD server.

And, if I'm not running a full resolver -- if I just send my request
to a single recursive server that returns my address -- then the DNS
request as seen by the world is from that other DNS server, not from

In both of these two cases, I do not see any privacy leak concern. Am
I missing one, or are these cases actually safe? And, if so, can that
warning message get disabled?

Yes, I know that DNS lookup improvements are coming. Right now I'd be
happy with some sort of "Only resolve DNS at this list of hosts"
rather than "resolve DNS at any host in the world". Because I'm
finding that I can't trust all of them.

On 3/4/07, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
On Sun, Mar 04, 2007 at 07:24:10AM -0800, Anon Mus wrote:
> Also how do I turn off logging of
> [Warning] fetch_from_buf_socks(): Your application (using socks5
> onport 80) is giving Tor only an IP address. Applications that do
> DNSresolves themselves may leak information. Consider using Socks4A
> (e.g.via privoxy or socat) instead.  For more information, please
> seehttp://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS.
> without turning off all the warning logging.

I don't think there is an easy way to turn off just this warning right
now; we're going to re-do how DNS happens in the next development
series (after 0.1.2.x), and stuff might improve then.