Re: [tor-bugs] #2575 [Tor Relay]: No DNS means no exiting
#2575: No DNS means no exiting
-----------------------+----------------------------------------------------
Reporter: atagar | Owner:
Type: defect | Status: new
Priority: minor | Milestone:
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by rransom):
Replying to [comment:2 atagar]:
> > Why should we tie support for DNS requests to support for TCP
> > connections to arbitrary hosts on port 53?
>
> I had been thinking that by accepting port 53 the relay operator's
> already agreeing to host DNS queries, but on second thought any relay that
> allows connections to the destination we're trying to reach would be
> perfectly fine.
How does a client know whether a relay allows connections to the
destination it is trying to reach before the client has resolved the
destination's hostname? How does the relay know whether it allows
connections to a destination before deciding whether to allow a DNS
request for the destination's hostname?
What we need are new relay flags: BadDNS and (possibly) DNSExit. BadDNS
could someday replace BadExit for exits that are only bad because their
DNS resolvers cannot be trusted, and DNSExit could be used to indicate
that a non-exit relay allows DNS queries.
We would also need a new `request-flags` relay descriptor line, which a
relay could use to ask the directory authorities to set or unset certain
flags on it in the consensus. In this case, an exit relay whose DNS self-
tests detect malicious behaviour could put `request-flags +BadDNS` in its
descriptor (instead of replacing its exit policy with `reject *:*`). This
descriptor line would have other uses as well; for example, a relay whose
operator intends to shut it down in the next week could put
`request-flags -Stable -Guard` in its descriptor.
Both of these changes require proposals, and BadDNS and DNSExit require
some thought regarding backward compatibility (e.g. when to turn off
adding BadExit along with BadDNS, and how to turn on client support for
DNSExit).
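The `request-flags` line and the backward-compatibility rule discussed in this comment can be modelled as a small parser plus an authority-side policy. The code below is an added example written for this page; it is not Tor code, and `request-flags` is a proposal from the comment, not a line in the Tor directory protocol. The allow-lists (which flags a relay may ask to set, which it may ask to unset) and the rule that BadDNS also attaches BadExit until clients understand BadDNS are assumptions made to illustrate the proposal.

```python
"""Hypothetical model of the proposed `request-flags` descriptor line.

Assumptions (not part of Tor or this ticket's text):
  * a relay may only request flags that make its own position worse:
    it may ask to SET self-incriminating flags and to UNSET positive ones;
  * the directory authority rejects a malformed line outright rather
    than applying part of it.
"""
import re

# Flags a relay may ask to have added to itself (self-incriminating).
SET_ALLOWED = {"BadDNS"}
# Flags a relay may ask to have removed from itself (positive flags).
UNSET_ALLOWED = {"Stable", "Guard"}

_TOKEN = re.compile(r"^([+-])([A-Za-z]+)$")


def parse_request_flags(line):
    """Parse one `request-flags` line into (flags_to_set, flags_to_unset).

    Raises ValueError on any malformed or disallowed token, so a bad line
    is rejected as a whole.
    """
    keyword, _, rest = line.strip().partition(" ")
    if keyword != "request-flags":
        raise ValueError("not a request-flags line: %r" % line)
    wanted, unwanted = set(), set()
    for tok in rest.split():
        m = _TOKEN.match(tok)
        if not m:
            raise ValueError("malformed token %r" % tok)
        sign, flag = m.groups()
        if sign == "+":
            if flag not in SET_ALLOWED:
                raise ValueError("relay may not request +%s" % flag)
            wanted.add(flag)
        else:
            if flag not in UNSET_ALLOWED:
                raise ValueError("relay may not request -%s" % flag)
            unwanted.add(flag)
    return wanted, unwanted


def apply_request(consensus_flags, line, clients_understand_baddns=False):
    """Authority side: combine the flags the authority would assign anyway
    with the relay's request, then apply the compatibility rule.

    While clients do not yet understand BadDNS, a BadDNS relay also gets
    BadExit so that old clients avoid exiting through it; once client
    support is turned on, BadDNS stands alone (this is the open question
    the comment raises about when to stop adding BadExit).
    """
    wanted, unwanted = parse_request_flags(line)
    flags = set(consensus_flags)
    flags |= wanted
    flags -= unwanted
    if "BadDNS" in flags and not clients_understand_baddns:
        flags.add("BadExit")
    return flags


if __name__ == "__main__":
    # Constructed sample: an exit whose DNS self-test found a lying resolver.
    print(sorted(apply_request({"Exit", "Running", "Stable", "Guard"},
                               "request-flags +BadDNS")))
    # Constructed sample: a relay about to be shut down.
    print(sorted(apply_request({"Running", "Stable", "Guard"},
                               "request-flags -Stable -Guard")))
```

The important design choice is the asymmetry: the relay can only lower its own standing, so a malicious descriptor cannot clear BadExit or grant itself Guard, and the compatibility shim lives on the authority side, where it can be switched off in one place.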
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2575#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online