Thanks for the response Ondrej. I was thinking specifically for the .onion addresses as opposed to the conventional www addressing. When the client first recognises the .onion domain, could a DNS be set up within Tor dealing only with .onion hostnames/domain space, and conventional DNS requests for www be handled as currently (or developed as per proposal 129)? My thought was that [hiddenservice].onion would be dealt with by the Tor NameServer to return the hostname (derived from the public key). From here the hidden services protocol would continue as per normal. The only weakness would be the security of the information coming back from the D/NS pointing to the same hostname.onion; however, with Tor circuit/s to the DNS this should negate such an attack.

Further to your comment about the request leaving the Tor network: these DNS requests would be handled internally, never leaving the network. Is this feasible and reliably reproducible?

Just as there was the increasing need for the Tor search engine, this would (I believe) encourage more people to benefit from presenting their information/services in a usable format.

I note your further comments about the cost/resources of registering the TLD .onion, but there may be a time when there is a business model that can benefit from the investment and returns.

Yours sincerely

Mike Fikuart IEng MIET
Mobile: 07801 070580
Office: 020 33840275
Blog: mikefikuart
Skype: mikefikuart
Twitter: mikefikuart
LinkedIn: mikefikuart

On 30 Jul 2014, at 22:43, Ondrej Mikle <ondrej.mikle@xxxxxxxxx> wrote:

> Hi,
>
> On 07/30/2014 01:43 PM, Mike Fikuart wrote:
>> I am aware that there is a Project Idea (under
>> https://www.torproject.org/getinvolved/volunteer.html.en#improvedDnsSupport)
>> point q. Improved DNS support for Tor;
>
> I am the author of proposal 219. If you want DNS, you can make it work today via a tunnel with Unbound. One sample howto: https://labs.nic.cz/page/993/ - DNSSEC is optional.
>
>> however has there been any exploration or development of a fully fledged
>> DNS system for Tor
>
> I have spent more than half a year trying to make it work. Most of the time spent was due to DNSSEC and especially its latency - it is quite easy to have 20 roundtrips for one DNS request because of CNAME and DNAME, which can take 5-20 seconds - incurring seemingly "random" errors (from the user's point of view). On a good day with a good circuit and a "heated cache" you can get an average of ~3 secs to resolve a request.
>
>> that could give human readable names to hidden services?
>
> This is not a good idea for many reasons. I'm not up-to-date with the latest rendezvous protocol, but AFAIK the DNS request would be sent from a different exit node than the nodes used for rendezvous - which would in turn make correlation attacks easier.
>
>> If further consideration is given to also pursuing the registration of the
>> .onion domain as a TLD, this could also open further publicity and revenue
>> for the Tor Project. The domain auctions for .tv and .co raised
>> significant revenue for the Tuvalu and Colombian countries not to mention
>> the managing organisations.
>
> A TLD costs $150k USD as a "down payment" and requires additional infrastructure to support the gTLD, which is not cheap. There are much better ways to spend the resources.
>
>> Has any of this been looked at previously or are there reasons why this is
>> not being pursued?
>
> DNS being 30+ years old has incredibly many special cases. There are quick-and-dirty implementations but that's probably not what one would want with anonymity software.
>
> Ondrej
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
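Mike's sketch has two concrete parts: the client recognises a .onion name and hands it to a Tor-internal resolver rather than conventional DNS, and the name itself is derived from the service's public key. The following is an added illustration of both, not Tor's resolver code or anything from the thread; it assumes the 2014-era (v2) onion naming scheme (base32 of the first 80 bits of SHA-1 over the DER-encoded RSA public key), a constructed stand-in for the DER bytes, and hypothetical helper names.

```python
import base64
import hashlib
import re

# v2 onion service label: 16 lowercase base32 characters (a-z, 2-7) then ".onion"
ONION_V2_RE = re.compile(r"^[a-z2-7]{16}\.onion$")


def onion_hostname_from_der(der_pubkey: bytes) -> str:
    """Derive the v2 hidden-service hostname from a DER-encoded RSA public key.
    Assumption: caller passes the raw ASN.1 DER bytes of the public key."""
    digest = hashlib.sha1(der_pubkey).digest()   # 160-bit SHA-1 of the key
    truncated = digest[:10]                       # keep the first 80 bits
    return base64.b32encode(truncated).decode("ascii").lower() + ".onion"


def classify_lookup(name: str) -> str:
    """Decide which resolver a hostname may be sent to.

    'tor-internal' : well-formed .onion name; must never reach conventional DNS
    'reject'       : ends in .onion but malformed (typo, wrong length, bad chars)
    'conventional' : ordinary DNS name
    """
    label = name.strip().rstrip(".").lower()
    if label.endswith(".onion"):
        # Drop any subdomain labels; keep the 16-char service label plus suffix.
        service = ".".join(label.split(".")[-2:])
        return "tor-internal" if ONION_V2_RE.match(service) else "reject"
    return "conventional"


def route_queries(names):
    """Partition a batch of lookups; only 'conventional' may leave the network."""
    routed = {"tor-internal": [], "reject": [], "conventional": []}
    for n in names:
        routed[classify_lookup(n)].append(n)
    return routed


if __name__ == "__main__":
    # Constructed stand-in for DER bytes (a real RSA-1024 key is ~140 bytes of ASN.1).
    fake_der = b"\x30\x81\x89\x02\x81\x81\x00" + bytes(range(128)) + b"\x02\x03\x01\x00\x01"
    host = onion_hostname_from_der(fake_der)
    print(host, classify_lookup(host))
    print(route_queries([host, "www.torproject.org", "not-an-onion.onion", "a." + host]))
```

Malformed .onion names are rejected rather than forwarded, so a typo in a service name cannot become a conventional DNS query that leaves the network.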