[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #6228 [Tor Hidden Services]: NSS module for .onion DNS name resolution

To: undisclosed-recipients:;
Subject: [tor-bugs] #6228 [Tor Hidden Services]: NSS module for .onion DNS name resolution
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sat, 23 Jun 2012 22:28:52 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 23 Jun 2012 18:29:04 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#6228: NSS module for .onion DNS name resolution
-------------------------------------+--------------------------------------
 Reporter:  tux                      |          Owner:     
     Type:  enhancement              |         Status:  new
 Priority:  minor                    |      Milestone:     
Component:  Tor Hidden Services      |        Version:     
 Keywords:  nss,dns,usability,onion  |         Parent:     
   Points:                           |   Actualpoints:     
-------------------------------------+--------------------------------------
 From a usability point of view it'd be great to always have .onion
 addresses resolved via Tor - system wide, by default. It'd make .onion
 addresses a first-class citizen in the overall web browsing experience.

 The idea is to provide a libnss-tor module to by default always resolve
 .onion addresses via Tor, with no need for 'torify', proxy configurations
 within an application etc. Similar to what libnss-mdns does for .local
 addresses for instance.

 Thanks to
 [https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy this]
 I came up with the following setup to achieve the same thing:
  * torrc with 'AutomapHostsOnResolve 1', 'DNSPort 53535' and 'TransPort
 9040'
  * dnsmasq with a 'server=/onion/127.0.0.1!#53535'
  * iptables -t nat -A OUTPUT -p tcp -d 127.192.0.0/10 -j REDIRECT --to-
 ports 9040
  * 'nameserver 127.0.0.1' in /etc/resolv.conf

 However having a libnss-tor for that would remove the iptables/dnsmasq
 part, which should make it way more convinient for most people. It'd also
 make the mapaddress option in the torrc obsolete, I think.

 Further things to consider:
  * Security implications?
  * Does something like libnss exist for other operating systems, too?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6228>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #6227 [Tor Relay]: util/threads testcase and starving workers
Next by Author: [tor-bugs] #6229 [EFF-HTTPS Everywhere]: NYDailyNews rule causes untrusted site warning
Previous by thread: Re: [tor-bugs] #3994 [Tor bundles/installation]: Get TorBrowser in Debian
Next by thread: [tor-bugs] #6229 [EFF-HTTPS Everywhere]: NYDailyNews rule causes untrusted site warning
Index(es):
- Author
- Thread