[tor-bugs] #2575 [Tor Relay]: No DNS means no exiting

["Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>]

#2575: No DNS means no exiting
------------------------+---------------------------------------------------
  Reporter:  atagar     |              Owner:     
      Type:  defect     |             Status:  new
  Priority:  minor      |          Milestone:     
 Component:  Tor Relay  |            Version:     
  Keywords:             |             Parent:     
    Points:             |   Actualpointsdone:     
Pointsdone:             |       Actualpoints:     
------------------------+---------------------------------------------------
 If an exit is unable or unwilling to relay DNS requests then it's reverted
 to being a non-exiting relay [1].

 Is this a good idea? There's a tradeoff where on one hand we want to keep
 lookups and connections on the same circuit (limiting the spread of
 potentially sensitive information and due to possible colluding for
 correlation), but on the other this is throwing away potentially useful
 exits.

 This might be a non-issue for numerous reasons...
 a. If the risks of the former out weigh the benefits of the later.
 b. If this almost never occurs (since this is done on the client side
 there's no way to tell).
 c. We need to direct the failed DNS requests somewhere and exits that,
 say, disallow HTTP might be doing so for reasons that make handling DNS
 requests for webpages bad for them. For this one I'd suggest that we
 direct these requests to exits that explicitly allow port 53.

 I'm moving the discussion here from irc since it didn't get any traction
 and I'd like to make sure that we aren't needlessly hurting the network
 with this behavior. Cheers! -Damian

 [1] https://gitweb.torproject.org/tor.git/blob/HEAD:/src/or/router.c#l1867

 From #tor-dev:
 09:07 < atagar> Ahhh, evidently any exit relays DNS (reguardless of if
 they've allowed port 53), hence why it was ignoring the
 ExitPolicyRejectPrivate check. New couple questions in case anyone knows
 the answer offhand.

 09:07 < atagar> Is anyone with any sort of accept before a reject-all in
 their exit policy considered to be an exit?

 09:07 < atagar> Is this a good idea? Ie, are there cases where someone
 would want to be an exit but not provide DNS resolution? At present we
 drop relays that block tor from doing DNS resolution to be middle-hops
 (which could be hurting the network).

 09:10 < atagar> here's the no-dns-makes-us-a-middle-hop code:
 https://gitweb.torproject.org/tor.git/blob/HEAD:/src/or/router.c#l1867

 09:14 < shahn> The issue is that Tor connects to a hostname usually

 09:15 < shahn> so if the exit node doesn't support DNS, then you can't use
 them for that without additional delays

 09:17 < atagar> I understand why keeping lookups and connections on the
 same circuit is important, but is demoting these relays to be non-exits
 better than falling back to doing lookups via another circuit?

 09:19 < shahn> (unless the resolution is already cached)

 09:19 < atagar> of course

 09:20 < shahn> sorry bigtime lag

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2575>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs