Alexander Færøy: > Hey Jeremy, > > On 2020/05/15 15:53, Jeremy Rand wrote: >> FYI I already wrote a Prop279 provider that looks up the names via DNS >> (it's aptly named "dns-prop279"); it does pretty much exactly what you >> describe. It doesn't handle DNSSEC validation itself (it assumes that >> you've specified a DNS server that you trust -- most likely one running >> on localhost). Stream isolation can be handled via an EDNS0 field (and >> I'm guessing it would not be difficult to patch an existing DNS server >> to respect that EDNS0 field). I wouldn't be surprised if it's easy to >> make dns-prop279 do DNSSEC validation itself (and not use a >> localhost-based DNS server) if that's desired -- the library it uses >> (miekg/dns) does claim to support DNSSEC validation, though I've never >> tried testing that feature. > > Very interesting. > > I think proposal #279 only tries to solve the subset of name look ups, > which is about looking up onions from a human name. The work in this > thread is to replace all name lookups *except* for Onions. It could very > well be that it would be easier to extend proposal #279 by having it > handle all lookups and not just for .onion's, but I think my intuition > says that it should be two different systems as onion lookups is still a > much more open question whereas Tor will need to support ordinary DNS > for many years into the future. > > If `OnionNamePlugin` allowed you to specify `.*` for "everything" as the > TLD specifier, then it might be possible to implement such system using > proposal #279 :-) Hi Alex, The Prop279 spec text is ambiguous about whether the target is required to be a .onion domain, but the implementations (TorNS and StemNS) do not have that restriction. TorNS and StemNS allow a Prop279 plugin to advertise acceptance of any domain suffix (haven't explicitly tried the root zone as an suffix, but if that doesn't work, it's a bug that should be easy to fix) and can resolve them to any result (e.g. an IP address, a .onion domain, or another DNS name a la CNAME). Cheers, -- -Jeremy Rand Lead Application Engineer at Namecoin Mobile email: jeremyrandmobile@xxxxxxxxxx Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C Send non-security-critical things to my Mobile with OpenPGP. Please don't send me unencrypted messages. My business email jeremy@xxxxxxxxxxx is having technical issues at the moment.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev