[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
From: teor <teor2345@xxxxxxxxx>
Date: Sun, 8 Oct 2017 16:40:01 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 08 Oct 2017 16:40:22 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:date:subject:message-id :references:in-reply-to:to; bh=yJUszPopLz/8LwcTSmtwSY1jJoegmBbVN6vtlDzNiy8=; b=WsZ2gSInhPBDL8wy8tefCkQSbUpPZlaCV9YYQbMnBB/diqo605Ui6ktTAkm+fidqoF Z4G0ct4Ox75Eo6Shu2c8ZLL0Z6oM5r2pI/SLWn+SMmqM4z1t0aDXMOOcBpxwcNoRPFSa LRlqiXdwlVg/RJ3WPwZ1yR4QC3vAy0NHUTIAGBV+uu1A+Ll5u0L4v8PZfLkrN+v8Qk6Q Dh7YzsJH5g98P2JT7JVaGzEpxeThEx11R7XScfz4TJIpMfxe2xbyFGRkbHZqltKZzcBL jyfK0Xq1cGeMB4S2ZZJv9jiE8iTtp9rJDrLzd1zDfYYe3lxbAqy7GaIJedmkf1hmC22z vJCw==
In-reply-to: <5513025d-c16d-15ca-7547-b07bf96fbf47@monksofcool.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <893478694.1218993.1507397950354.JavaMail.zimbra@laposte.net> <875805a4-1a75-a73e-ee29-8479f4d83db8@monksofcool.net> <CA+r81TDuFAUPvNv8XM9_1FUYmaSbs1m-uxZtAAJ_ozYyh-RQvw@mail.gmail.com> <21e4125f-0573-a739-e96f-7d0d877cfa14@monksofcool.net> <CA+r81TDAnEcUocv0LZKENN=uKktXJNzy-yLXrLjyp8Uc4T=d0g@mail.gmail.com> <d9881413-b099-52c0-8ab9-07462a4c5e71@monksofcool.net> <CA+r81TDNVtE1EsCYBQ67eZpCzZ+r7jQ07Tqnv1xhv2uxuSL4EA@mail.gmail.com> <c19128b0-8e34-80db-4a1f-f04fa2ce6d46@monksofcool.net> <191206008.1430578.1507491629579.JavaMail.zimbra@laposte.net> <5513025d-c16d-15ca-7547-b07bf96fbf47@monksofcool.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 8 Oct 2017, at 16:24, Ralph Seichter <m16+tor@xxxxxxxxxxxxxxx> wrote:

who is aware of the query is not all that matters ; the apparent
origin of the query also matters, depending of the position of the
attacker.

Sure, but keep in mind: Even if an attacker could gain access to all
root zone servers, he could not see the necessary follow-up queries on
TLD level (e.g. country domains, or .com, .net, etc.) and beyond. If I
looked up host.somedomain.fr, a root zone snoop might show my interest
in a French domain, but nothing else.

This is only true if your resolver implements QNAME minimisation:

https://tools.ietf.org/html/rfc7816

Currently, when a resolver receives the query "What is the AAAA
   record for www.example.com?", it sends to the root (assuming a cold
   resolver, whose cache is empty) the very same question.  Sending the
   full QNAME to the authoritative name server is a tradition, not a
   protocol requirement.

Does the version of the recursive resolver you're using

do this?

Or does it send only the minimal name required?

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
  - From: Ralph Seichter

References:
- [tor-relays] dnsmasq configuration for an exit relay (Debian)
  - From: jpmvtd261
- Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
  - From: Ralph Seichter
- Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
  - From: Igor Mitrofanov
- Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
  - From: Ralph Seichter
- Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
  - From: Igor Mitrofanov
- Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
  - From: Ralph Seichter
- Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
  - From: Igor Mitrofanov
- Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
  - From: Ralph Seichter
- Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
  - From: jpmvtd261
- Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
  - From: Ralph Seichter

Prev by Author: Re: [tor-relays] About relay size
Next by Author: Re: [tor-relays] "Bug: Duplicate call to circuit_mark_for_close"
Previous by thread: Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
Next by thread: Re: [tor-relays] dnsmasq configuration for an exit relay (Debian)
Index(es):
- Author
- Thread